Date: Tue, 25 Apr 2000 13:07:44 -0500 (CDT)
From: Chris Dillon
To: Dan Larsson
Cc: "[FreeBSD-Questions-List] (E-mail)"
Subject: Re: www and squid on same machine

On Tue, 25 Apr 2000, Dan Larsson wrote:

> I'm currently running a transparent cache on a
> FreeBSD machine. The machine is connected via two
> network interface cards, one to the internet and one
> to the local lan.
>
> squid is bound to 127.0.0.1 and listens on port 8080
> apache is bound to 127.0.0.1 and listens on port 81
>
> These are the firewall rules I use to hijack http:
> ipfw add 100 pass tcp from INTERNET_IP_ADDRESS to any
> ipfw add 110 fwd 127.0.0.1,8080 tcp from any to any 80
>
> What do I need to do to serve http on the outside interface without
> allowing everyone access to the squid cache?

Bind Apache to the outside interface instead of 127.0.0.1 and then add
this rule:

ipfw add 115 pass tcp from any to ${OUTSIDE_INTERFACE} 80

This will allow traffic to the outside interface port 80 before it gets
checked by the next rule where it would have normally been redirected to
squid.

As for not allowing external access to Squid, as you have it configured
now, nobody can ever have external access to the Squid proxy except
through any fwd rules you set up.

-- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
   FreeBSD: The fastest and most stable server OS on the planet.
   For Intel x86 and Alpha architectures. ( http://www.freebsd.org )
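
Added example, not part of the original message: ipfw checks rules in ascending rule-number order and stops at the first matching pass or fwd rule, so where the pass rule sits relative to rule 110 decides whether a request to the outside address reaches Apache or is forwarded to Squid. The Python sketch below models that first-match walk for the rules in this thread; the addresses are constructed documentation values, rule number 105 is hypothetical, and matching is simplified to source, destination and destination port.

```python
# Simplified first-match model of the ipfw rules in this thread (added example).
# Assumptions: rules match only on source, destination and destination port;
# addresses are constructed documentation values, not taken from the message.
OUTSIDE_IP = "192.0.2.1"      # stands in for INTERNET_IP_ADDRESS / ${OUTSIDE_INTERFACE}
LAN_CLIENT = "192.168.1.20"   # constructed LAN host
EXT_CLIENT = "203.0.113.7"    # constructed Internet host
REMOTE_WEB = "198.51.100.10"  # constructed remote web server
ANY = None                    # wildcard, like "any" in ipfw

def rule(num, action, src=ANY, dst=ANY, dport=ANY):
    return {"num": num, "action": action, "src": src, "dst": dst, "dport": dport}

# Rules 100 and 110 as given in the question.
BASE = [
    rule(100, "pass", src=OUTSIDE_IP),
    rule(110, "fwd 127.0.0.1,8080", dport=80),
]

def with_pass_rule(num):
    """Ruleset plus 'pass tcp from any to OUTSIDE_IP 80' at rule number num."""
    return BASE + [rule(num, "pass", dst=OUTSIDE_IP, dport=80)]

def evaluate(rules, src, dst, dport):
    """Walk rules in ascending number order; return (number, action) of the first match."""
    for r in sorted(rules, key=lambda r: r["num"]):
        fields = (("src", src), ("dst", dst), ("dport", dport))
        if all(r[k] in (ANY, v) for k, v in fields):
            return r["num"], r["action"]
    return 65535, "default rule"

def report(num):
    """First matching rule for three representative flows, pass rule placed at num."""
    rules = with_pass_rule(num)
    return {
        "external -> local web": evaluate(rules, EXT_CLIENT, OUTSIDE_IP, 80),
        "lan -> remote web": evaluate(rules, LAN_CLIENT, REMOTE_WEB, 80),
        "proxy -> remote web": evaluate(rules, OUTSIDE_IP, REMOTE_WEB, 80),
    }

if __name__ == "__main__":
    for num in (105, 115):  # 105 is a hypothetical number below the fwd rule
        print(f"pass rule at {num}:")
        for flow, (n, action) in report(num).items():
            print(f"  {flow:22} matched rule {n}: {action}")
```

On a live system, `ipfw show` lists the rules in evaluation order with per-rule packet counters, which confirms which rule web requests are actually hitting.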