Date:      Wed, 29 Jun 2016 21:13:42 -0300
From:      Thomas <thoms3rd@gmail.com>
To:        Ataro <ataro@protonmail.ch>
Cc:        "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject:   Re: force all the network traffic through a proxy server.
Message-ID:  <20160630001342.GA7528@host>
In-Reply-To: <OapWx-F4grUVJS2yYX-NGQwKCuYOyoS6y_JiExUWt-orNPggc37yomNenjtjFXNGlgaXZXZO7SoRmhFULkKHnw==@protonmail.ch>
References:  <OapWx-F4grUVJS2yYX-NGQwKCuYOyoS6y_JiExUWt-orNPggc37yomNenjtjFXNGlgaXZXZO7SoRmhFULkKHnw==@protonmail.ch>

Tue, Jun 28, 2016 at 01:48:30PM -0400, Ataro via freebsd-ipfw:
> Hi there,
>
> I've set up a FreeBSD machine inside a VirtualBox machine and used IPFW to redirect all the requests to the internet through a squid proxy server running on the same machine in port 3128 in intercept mode (also known as transparent proxy mode).
>
> The problem is that I need a way to identify the packets that originate from the squid server and let them pass out to the Internet but all other packets must go through the squid server.
>
> My IPFW rules look like the following:
> ipfw -f flush
> ipfw add 50 pass all from any to any via lo0
> ipfw add 100 pass all from any to any proto udp
> ipfw add 150 pass icmp from any to any
> ipfw add 200 fwd 127.0.0.1,3128 tag 1111 tcp from me to any
> ipfw add 250 pass all from 10.0.2.15 to any tagged 1111
>
> Unfortunately, the packets that originate from the squid server are redirected back to itself and I don't find a way to allow them to pass out.
>
> Does someone here have an idea?
>
> Regards,
>
> Ataro.

Hello,

Run the squid server as a separate user, and use the uid match pattern.

Cheers,

Thomás
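
The suggestion in the reply above, written out as an added example that is not part of the original e-mail or the posters' own configuration: a ruleset that exempts the proxy's own sockets with a `uid` match placed before the `fwd` rule, plus a small check that the exemption really does come first. The account name `squid` and the helper names `gen_rules` and `loop_free` are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of the original thread.
# Assumptions: Squid runs as the dedicated account "squid" and listens on
# 127.0.0.1:3128; override with SQUID_USER / PROXY.
SQUID_USER="${SQUID_USER:-squid}"
PROXY="${PROXY:-127.0.0.1,3128}"

# Print the ruleset, one ipfw argument list per line.
# Rule 180 uses the uid option, which matches TCP/UDP packets sent by or
# received for that user, so Squid's own traffic never reaches rule 200.
gen_rules() {
    cat <<EOF
-f flush
add 50 allow ip from any to any via lo0
add 100 allow udp from any to any
add 150 allow icmp from any to any
add 180 allow tcp from any to any uid ${SQUID_USER}
add 200 fwd ${PROXY} tcp from me to any
EOF
}

# Read rules on stdin; succeed only if the lowest-numbered fwd rule comes
# after an allow rule matching "uid $1". Without that exemption the proxy's
# own outbound connections are forwarded back to the proxy.
loop_free() {
    awk -v u="$1" '
        { i = ($1 == "add") ? 2 : 1 }
        $i !~ /^[0-9]+$/ { next }
        { num = $i + 0; action = $(i + 1) }
        action == "fwd" && (fwd == 0 || num < fwd) { fwd = num }
        action ~ /^(allow|pass|accept|permit)$/ {
            for (k = i + 2; k < NF; k++)
                if ($k == "uid" && $(k + 1) == u && (ex == 0 || num < ex))
                    ex = num
        }
        END { exit !(fwd == 0 || (ex > 0 && ex < fwd)) }
    '
}

# "sh script.sh apply" loads the rules (root, FreeBSD); otherwise nothing runs.
if [ "${1:-}" = "apply" ]; then
    gen_rules | loop_free "$SQUID_USER" || { echo "no uid exemption before fwd" >&2; exit 1; }
    gen_rules | while read -r rule; do ipfw -q $rule; done
fi
```

Running the proxy under its own account matters here: if other processes share that uid, their traffic is exempted from interception as well.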



