Squid proxy 2.6 with FreeBSD 6.2

Andrew Pantyukhin infofarmer at freebsd.org
Wed Sep 12 01:40:36 PDT 2007


On Wed, Sep 12, 2007 at 10:50:38AM +0600, Anwarul Mamun wrote:
> On 9/12/07, Andrew Pantyukhin <infofarmer at freebsd.org> wrote:
> > On Tue, Sep 11, 2007 at 05:23:28PM +0600, Anwarul Mamun wrote:
> > > Hi All!
> > >
> > > I have a linux gateway server (using iptables on this) where my client hit
> > > first. I want to direct the http traffic to the proxy server based on
> > > FreeBSD (I mean transparent proxy). I am using FreeBSD 6.2 and Squid proxy
> > > 2.6. I have directed the http traffic from my linux gateway server to the
> > > proxy server on FreeBSD as below. But the transparent proxying does not
> > > work. Is there anyone who has worked with the issues on transparent proxy
> > > with FreeBSD 6.2 who may suggest in this case?
> > >
> > >
> > > /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 80 -j DNAT --to 172.16.3.1:8080
> > > /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 8080 -j DNAT --to 172.16.3.1:8080
> >
> > Assuming your squid config is right, you should stop modifying
> > packets (with little knowledge of iptables, I think -j DNAT --to
> > ... does that). If you manage to reroute unmodified packets to
> > the FreeBSD box, you'll need something like this to set up its
> > ipfw:
> >
> > $cmd add 100 fwd 127.0.0.1,3128 \
> >     proto tcp src-ip $lan_local not src-ip me not dst-ip me \
> >     dst-port $http_ports
> > $cmd add 200 allow via lo0
> > $cmd add 500 deny dst-ip me dst-port 3128 not src-ip $lan_local
> 
> I am using two different servers. One is running under linux and using
> iptables, from which I want to forward http traffic to the FreeBSD box where
> I am running Squid proxy and want to make it run as transparent proxy. The
> problem is that the FreeBSD box is not working as a transparent proxy in
> this scenario. It seems that the Squid proxy server at FreeBSD box doesn't
> see the packet forwarded to it through the linux server.
> 
> Any suggestion?

Eh, did you read what I posted? (a) you need to deliver packets
from the linux box to the FreeBSD box unmodified, (b) inside the
FreeBSD box you've got to use those ipfw rules to get the packets
to squid.
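
The Linux-gateway half of point (a), as an added example that is not part of the thread: it lists the destination-rewriting rules to delete and prints policy-routing commands that hand client HTTP to the FreeBSD box as a next hop, leaving addresses and ports untouched. The mark value, the routing table number and the assumption that 172.16.3.1 is directly reachable from the gateway are mine; the sample rule dump is constructed from the two rules quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Intended for the Linux gateway.
LAN="192.168.40.0/24"   # client network (from the thread)
PROXY="172.16.3.1"      # FreeBSD Squid box (from the thread); assumed on-link
MARK=1                  # assumption: fwmark value not used elsewhere
TABLE=100               # assumption: routing table number not used elsewhere

# Constructed sample of `iptables-save -t nat` output holding the thread's rules.
SAMPLE_NAT='*nat
-A PREROUTING -s 192.168.40.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.3.1:8080
-A PREROUTING -s 192.168.40.0/24 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.16.3.1:8080
COMMIT'

# Read a rule dump on stdin and print the PREROUTING rules that rewrite the
# destination. With these in place the packet no longer carries the address
# the client asked for by the time it reaches the proxy box.
dnat_rules() {
    grep -E '^-A PREROUTING .*-j (DNAT|REDIRECT)( |$)'
}

# Print the replacement: mark client HTTP in the mangle table, then route
# marked packets through a table whose only route points at the proxy.
routing_commands() {
    cat <<EOF
iptables -t mangle -A PREROUTING -s $LAN -p tcp --dport 80 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default via $PROXY table $TABLE
EOF
}

# Dry run: "sh script.sh show" prints the deletions and additions; nothing is
# applied. Review the output, then run it as root on the gateway.
if [ "${1:-}" = "show" ]; then
    printf '%s\n' "$SAMPLE_NAT" | dnat_rules | sed 's/^-A/iptables -t nat -D/'
    routing_commands
fi
```

On a live gateway, feed `iptables-save -t nat` into `dnat_rules` instead of the sample. The packets then arrive at the FreeBSD box still addressed to port 80 of the remote web server, which is what the `fwd` rule quoted above matches; the port in that rule has to be the one Squid actually listens on.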

