Squid proxy 2.6 with FreeBSD 6.2

Tek Bahadur Limbu teklimbu at wlink.com.np
Wed Sep 12 07:15:11 PDT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Anwarul,

Have you read what Andrew had said and tried the rules?


On Tue, 11 Sep 2007 17:23:28 +0600
"Anwarul Mamun" <mamun at freebsdmovement.org> wrote:

> Hi All!
> 
> I have a linux gateway server (using iptables on this) where my client hit
> first. I want to direct the http traffic to the proxy server based on
> FreeBSD ( i mean transparent proxy). I am using FreeBSD 6.2 and Squid proxy
> 2.6. I have directed the http traffic from my linux gateway server to the
> proxy server on FreeBSD as below.  But the transparent proxying does not
> work. Is there anyone worked with the issues on transparent proxy with
> FreeBSD 6.2. who may suggest in this case?

If you had directed the http traffic from your Linux Gw box to your FreeBSD Squid box,
do you actually see any kind of http traffic on the FreeBSD box? 

Have you verified with tcpdump?

> 
> 
> /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 80 -j
> DNAT --to 172.16.3.1:8080
> /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 8080
> -j DNAT --to 172.16.3.1:8080

You can try the following:

On the Linux box:

iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 \ 
- -j DNAT --to squid-box:8080

iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box \
- -j SNAT --to iptables-box

iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p \ 
tcp --dport 8080 -j ACCEPT



By the way, what's the output of "squid -v" on your FreeBSD box and the 
relevant transproxy config in your squid.conf?

On the FreeBSD Squid box:

IPFW add fwd 127.0.0.1,3128 tcp from any to any 80 in
IPFW add allow tcp  from local-network to any 3128 in via $NET_IF
IPFW add 65533 deny log  all  from any to any


If everything goes fine, then it should work!!!

In my opinion, running squid in the Linux gateway would be the easiest 
solution!:)

Hope it helps.



Thanking you....



> 
> Regards,
> 
> M
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
> 


- -- 

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator 

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFG5+/2fpE0pz+xqQQRAkBAAJ43D4slIqP6SgkNW2310CHej2ibnACfWNyr
gLvulC9kMmZQklgC/3vs+1A=
=QfO7
-----END PGP SIGNATURE-----

More information about the freebsd-isp mailing list