Squid proxy 2.6 with FreeBSD 6.2
Tek Bahadur Limbu
teklimbu at wlink.com.np
Wed Sep 12 07:15:11 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Anwarul,
Have you read what Andrew had said and tried the rules?
On Tue, 11 Sep 2007 17:23:28 +0600
"Anwarul Mamun" <mamun at freebsdmovement.org> wrote:
> Hi All!
>
> I have a linux gateway server (using iptables on this) where my client hit
> first. I want to direct the http traffic to the proxy server based on
> FreeBSD ( i mean transparent proxy). I am using FreeBSD 6.2 and Squid proxy
> 2.6. I have directed the http traffic from my linux gateway server to the
> proxy server on FreeBSD as below. But the transparent proxying does not
> work. Is there anyone worked with the issues on transparent proxy with
> FreeBSD 6.2. who may suggest in this case?
If you had directed the http traffic from your Linux Gw box to your FreeBSD Squid box,
do you actually see any kind of http traffic on the FreeBSD box?
Have you verified with tcpdump?
>
>
> /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 80 -j
> DNAT --to 172.16.3.1:8080
> /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 8080
> -j DNAT --to 172.16.3.1:8080
You can try the following:
On the Linux box:
iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 \
- -j DNAT --to squid-box:8080
iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box \
- -j SNAT --to iptables-box
iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p \
tcp --dport 8080 -j ACCEPT
By the way, what's the output of "squid -v" on your FreeBSD box and the
relevant transproxy config in your squid.conf?
On the FreeBSD Squid box:
IPFW add fwd 127.0.0.1,3128 tcp from any to any 80 in
IPFW add allow tcp from local-network to any 3128 in via $NET_IF
IPFW add 65533 deny log all from any to any
If everything goes fine, then it should work!!!
In my opinion, running squid in the Linux gateway would be the easiest
solution!:)
Hope it helps.
Thanking you....
>
> Regards,
>
> M
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>
- --
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
System Administrator
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://wlink.com.np/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
iD8DBQFG5+/2fpE0pz+xqQQRAkBAAJ43D4slIqP6SgkNW2310CHej2ibnACfWNyr
gLvulC9kMmZQklgC/3vs+1A=
=QfO7
-----END PGP SIGNATURE-----
More information about the freebsd-isp
mailing list