Date:      Tue, 25 Apr 2000 13:07:44 -0500 (CDT)
From:      Chris Dillon <>
To:        Dan Larsson <>
Cc:        "[FreeBSD-Questions-List] (E-mail)" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: www and squid on same machine
Message-ID:  <>
In-Reply-To: <000101bfaedc$57f315d0$>

On Tue, 25 Apr 2000, Dan Larsson wrote:

> I'm currently running a transparent cache on a
> FreeBSD machine. The machine is connected via two
> network interface cards one to the internet and one
> to the local lan.
> squid is bound to and listens on port 8080
> apache is bound to and listens on port 81
> These are the firewall rules I use to hijack http:
> ipfw add 100 pass tcp from INTERNET_IP_ADDRESS to any
> ipfw add 110 fwd,8080 tcp from any to any 80
> What do I need to do to serve http on the outside interface without
> allowing everyone access to the squid cache?

Bind Apache to the outside interface instead of and then add
this rule:

ipfw add 115 pass tcp from any to ${OUTSIDE_INTERFACE} 80

This will allow traffic to the outside interface port 80 before it
gets checked by the next rule where it would have normally been
redirected to squid.

As for not allowing external access to Squid, as you have it
configured now, nobody can ever have external access to the Squid
proxy except through any fwd rules you set up.

-- Chris Dillon - -
   FreeBSD: The fastest and most stable server OS on the planet.
   For Intel x86 and Alpha architectures. ( )
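
Added example, not part of the original message: a small Python model of ipfw's evaluation order (ascending rule number, first matching rule decides) applied to the three rules in this thread, showing which rule handles each packet depending on whether the Apache pass rule sorts after or before the fwd rule at 110. The addresses, the rule number 105 and the function names are constructed for illustration.

```python
from ipaddress import ip_address

OUTSIDE_IP = ip_address("203.0.113.10")  # constructed stand-in for the outside address

def ruleset(apache_rule_number):
    """The thread's rules as (number, action, src, dst, dst_port); None = any."""
    return [
        (100, "pass", OUTSIDE_IP, None, None),               # box's own outbound traffic
        (110, "fwd squid:8080", None, None, 80),             # transparent-proxy hijack
        (apache_rule_number, "pass", None, OUTSIDE_IP, 80),  # Apache on outside address
    ]

def first_match(rules, src, dst, dport):
    """ipfw semantics: ascending rule number, first matching rule decides."""
    src, dst = ip_address(src), ip_address(dst)
    for num, action, r_src, r_dst, r_port in sorted(rules, key=lambda r: r[0]):
        if r_src is not None and r_src != src:
            continue
        if r_dst is not None and r_dst != dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return num, action
    return 65535, "default rule"  # nothing above matched

# Constructed packets: (description, source, destination, destination port)
PACKETS = [
    ("internet client -> Apache", "198.51.100.7", "203.0.113.10", 80),
    ("LAN client -> remote site", "192.168.1.20", "192.0.2.80", 80),
    ("squid fetch -> remote site", "203.0.113.10", "192.0.2.80", 80),
]

def trace(apache_rule_number):
    """Map each constructed packet to the (rule number, action) that decides it."""
    rules = ruleset(apache_rule_number)
    return {desc: first_match(rules, s, d, p) for desc, s, d, p in PACKETS}

if __name__ == "__main__":
    for n in (115, 105):  # 105 is a hypothetical number chosen to sort before 110
        print(f"Apache pass rule numbered {n}:")
        for desc, hit in trace(n).items():
            print(f"  {desc:28} rule {hit[0]} {hit[1]}")
```

On a live system, `ipfw show` lists the rules in evaluation order with per-rule packet counters, which confirms which rule is actually taking the port 80 traffic.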
