Squid proxy 2.6 with FreeBSD 6.2

Anwarul Mamun mamun at freebsdmovement.org
Tue Sep 11 21:50:39 PDT 2007

I am using two different servers. One is running Linux and using
iptables, from which I want to forward HTTP traffic to the FreeBSD box where
I am running Squid proxy, and I want to make it run as a transparent proxy. The
problem is that the FreeBSD box is not working as a transparent proxy in
this scenario. It seems that the Squid proxy server on the FreeBSD box doesn't
see the packets forwarded to it through the Linux server.

Any suggestions?

On 9/12/07, Andrew Pantyukhin <infofarmer at freebsd.org> wrote:
> On Tue, Sep 11, 2007 at 05:23:28PM +0600, Anwarul Mamun wrote:
> > Hi All!
> >
> > I have a Linux gateway server (using iptables on this) where my clients hit
> > first. I want to direct the HTTP traffic to the proxy server based on
> > FreeBSD (I mean transparent proxy). I am using FreeBSD 6.2 and Squid proxy
> > 2.6. I have directed the HTTP traffic from my Linux gateway server to the
> > proxy server on FreeBSD as below. But the transparent proxying does not
> > work. Has anyone worked with the issues on transparent proxy with
> > FreeBSD 6.2 who may suggest in this case?
> >
> > /sbin/iptables -t nat -A PREROUTING -s -p tcp --dport 80 -j DNAT --to
> > /sbin/iptables -t nat -A PREROUTING -s -p tcp --dport 8080 -j DNAT --to
>
> Assuming your squid config is right, you should stop modifying
> packets (with little knowledge of iptables, I think -j DNAT --to
> ... does that). If you manage to reroute unmodified packets to
> the FreeBSD box, you'll need something like this to set up its
> ipfw:
> $cmd add 100 fwd,3128\
> proto tcp src-ip $lan_local not src-ip me not dst-ip me\
> dst-port $http_ports
> $cmd add 200 allow via lo0
> $cmd add 500 deny dst-ip me dst-port 3128 not src-ip $lan_local
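
An added example, not part of the thread: a small Python model of the three ipfw rules quoted above, showing which rule a TCP packet hits when it reaches the FreeBSD box unmodified versus after the gateway has rewritten its destination with DNAT. The addresses, the interface name, the port set used for `$http_ports`, and the DNAT target are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (assumptions, not taken from the thread).
LAN_LOCAL = ipaddress.ip_network("192.168.0.0/24")   # stands in for $lan_local
ME = {ipaddress.ip_address(a) for a in ("192.168.0.2", "127.0.0.1")}  # "me"
HTTP_PORTS = {80, 8080}                              # stands in for $http_ports
SQUID_PORT = 3128

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iface: str = "em0"   # receiving interface, hypothetical name

def evaluate(pkt: Packet) -> str:
    """First matching rule wins, as in ipfw. All packets are TCP here."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    # Rule 100: LAN client, neither endpoint is this host, HTTP port.
    if (src in LAN_LOCAL and src not in ME and dst not in ME
            and pkt.dport in HTTP_PORTS):
        return "100 fwd"
    # Rule 200: anything on the loopback interface.
    if pkt.iface == "lo0":
        return "200 allow"
    # Rule 500: direct hits on the Squid port from outside the LAN.
    if dst in ME and pkt.dport == SQUID_PORT and src not in LAN_LOCAL:
        return "500 deny"
    return "no match"    # falls through to rules not shown in the thread

def dnat(pkt: Packet, to_ip: str, to_port: int) -> Packet:
    """What the gateway's '-j DNAT --to' does: rewrite destination ip:port."""
    return Packet(pkt.src, to_ip, to_port, pkt.iface)

if __name__ == "__main__":
    client = Packet("192.168.0.50", "203.0.113.10", 80)
    cases = {
        "routed unmodified": client,
        "DNAT to proxy box": dnat(client, "192.168.0.2", SQUID_PORT),
        "Squid's own fetch": Packet("192.168.0.2", "203.0.113.10", 80),
        "outsider to 3128": Packet("198.51.100.7", "192.168.0.2", SQUID_PORT),
        "loopback": Packet("127.0.0.1", "127.0.0.1", SQUID_PORT, "lo0"),
    }
    for name, pkt in cases.items():
        print(f"{name:18} -> {evaluate(pkt)}")
```

Only the unmodified packet reaches the `fwd` rule. Once DNAT has set the destination to the box itself, `not dst-ip me` no longer holds and the packet arrives without its original destination address.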

More information about the freebsd-isp mailing list