transparent Squid 2.5Stable10 + FreeBSD 5.3

eculp at bafirst.com eculp at bafirst.com
Mon Jun 20 17:32:49 GMT 2005


Quoting Ryan Rathje <mrsharky at iastate.edu>:

> Here's my FreeBSD setup
>
> Nic1 -> outside (123.456.789.10)
> Nic2 -> internal (192.168.1.2)
>
> Here's my client Win2k setup
>
> IP: 192.168.1.5
> MASK: 255.255.255.0
> GW: 192.168.1.2
>
> -------------------------------------
>
> I have FreeBSD 5.3 installed with the modified kernel options
>
> options         IPFILTER
> options         IPFILTER_LOG
> options         NMBCLUSTERS=32768
> options         IPFIREWALL
> options         IPFIREWALL_FORWARD
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
>
> in a machine with 2 NICs (NIC1 -> outside work; NIC2 -> internal network
> (192.168.1.2)).  I configured Squid with the ARG --enable-ipf-transparent, and
> this is what my options (/var/db/ports/squid/) file looks like for
> configuring Squid:
>
> # This file is auto-generated by 'make config'.
> # No user-servicable parts inside!
> # Options for squid-2.5.10_1
> _OPTIONS_READ=squid-2.5.10_1
> WITHOUT_SQUID_LDAP_AUTH=true
> WITHOUT_SQUID_DELAY_POOLS=true
> WITHOUT_SQUID_SNMP=true
> WITHOUT_SQUID_CARP=true
> WITHOUT_SQUID_SSL=true
> WITH_SQUID_PINGER=true
> WITHOUT_SQUID_DNS_HELPER=true
> WITHOUT_SQUID_HTCP=true
> WITHOUT_SQUID_VIA_DB=true
> WITHOUT_SQUID_CACHE_DIGESTS=true
> WITH_SQUID_WCCP=true
> WITH_SQUID_UNDERSCORES=true
> WITH_SQUID_CHECK_HOSTNAME=true
> WITHOUT_SQUID_STRICT_HTTP=true
> WITH_SQUID_IDENT=true
> WITHOUT_SQUID_USERAGENT_LOG=true
> WITHOUT_SQUID_ARP_ACL=true
> WITHOUT_SQUID_PF=true
> WITH_SQUID_IPFILTER=true
> WITH_SQUID_FOLLOW_XFF=true
> WITHOUT_SQUID_AUFS=true
> WITHOUT_SQUID_COSS=true
> WITHOUT_SQUID_LARGEFILE=true
> WITHOUT_SQUID_STACKTRACES=true
> WITH_SQUID_RCNG=true
>
> In the squid.conf file I've made (what I think) are the appropriate changes:
>
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> and lastly, this is what my rc.conf looks like:
>
> hostname="Gohan"
>
> squid_enable="YES"
>
> firewall_enable="YES"
> firewall_type="open"
> firewall_quiet="NO"
> firewall_logging="YES"
>
> # IPFILTER enabled
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags=""
>
> ipfw add allow all from any to 192.168.1.2 80
> ipfw add fwd 192.168.1.2 tcp from any to 192.168.1.2 3128
> ipfw add fwd 192.168.1.2,3128 tcp from any to any 80,82,3128 out recv
> 192.168.1.2 xmit 129.186.215.57
>

At one time I did that with IPFW; I have found pf much easier to set
up.  Take a look at http://www.benzedrine.cx/transquid.html if you are
interested.

ed
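
A minimal pf.conf for the transparent-proxy setup discussed in this thread, as an added example that is not part of either poster's message or of the linked page. The interface names fxp0/fxp1 are assumptions, and Squid is assumed to be built with pf support rather than the WITHOUT_SQUID_PF=true shown in the quoted options file; the network and port values come from the quoted post.

```conf
# /etc/pf.conf (added example; interface names are assumptions)
ext_if  = "fxp0"             # assumed name of the outside NIC
int_if  = "fxp1"             # assumed name of the internal NIC (192.168.1.2)
int_net = "192.168.1.0/24"   # client network from the quoted post
squid   = "3128"             # http_port from the quoted squid.conf

# Translation: redirect only HTTP that arrives on the internal NIC from
# internal clients. Scoping the rule to $int_if and $int_net keeps the
# redirect from catching traffic that originates outside.
rdr on $int_if inet proto tcp from $int_net to any port 80 -> 127.0.0.1 port $squid

# Filtering: never expose the proxy port on the outside interface, so the
# cache cannot be used as an open proxy from the Internet.
block in log quick on $ext_if inet proto tcp from any to any port $squid

# Allow the redirected client connections to reach the local Squid.
pass in quick on $int_if inet proto tcp from $int_net to 127.0.0.1 port $squid keep state

# Allow Squid's own outbound fetches to origin servers.
pass out on $ext_if inet proto tcp from any to any port 80 keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.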



More information about the freebsd-net mailing list