Transparent Squid 2.5Stable10 + FreeBSD 5.4

Ryan Rathje mrsharky at iastate.edu
Wed Jun 22 13:33:40 GMT 2005


Fooler,
  Thanks for the suggestion thus far; it did clear some things up.  When I use your 
suggestion of:

ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via em0

1 FreeBSD configured as a gateway with 2 nics
sis0 - outside world nic
em0 - internal network nic  

it appears to have some communication, but not all.  Here's what I mean:  This 
is the output from ethereal when trying to visit the Google website:

192.168.1.5 -> 216.239.39.99  TCP  3694 > http [SYN] seq=0 ack=0 win=16384 Len=0 MSS=1460
216.239.39.99 -> 192.168.1.5  TCP  http > 3694 [SYN, ACK] seq=0 ack=1 win=16384 Len=0 MSS=1460
192.168.1.5 -> 216.239.39.99  TCP  3694 > http [ACK] seq=1 ack=1 win=17520 Len=0
192.168.1.5 -> 216.239.39.99  HTTP GET / HTTP/1.1
216.239.39.99 -> 192.168.1.5  TCP  http > 3694 [FIN, ACK] seq=1 ack=300 win=65535 Len=0
192.168.1.5 -> 216.239.39.99  TCP  3694 > http [ACK] seq=300 ack=2 win=17520 Len=0
192.168.1.5 -> 216.239.39.99  TCP  3694 > http [FIN, ACK] seq=300 ack=2 win=17520 Len=0
216.239.39.99 -> 192.168.1.5  TCP  http > 3694 [ACK] seq=2 ack=301 win=65534 Len=0

As of right now, this is the only line in rc.conf.  I know I need more (see 
below), but I'm starting to get a little confused about the order in which it's 
supposed to be listed.  If it's not clear by now that I'm kind of new to Squid 
and FreeBSD, I'm stating it for the record: I'm a newbie.  Thanks all in 
advance.

> -----Original Message-----
> 
> ipfw add allow all from any to 192.168.1.2 80
> ipfw add fwd 192.168.1.2 tcp from any to 192.168.1.2 3128
> ipfw add fwd 192.168.1.2,3128 tcp from any to any 80,82,3128 out recv 192.168.1.2 xmit 129.186.215.57
>
> My gut feeling is it has something to do with my ipfw rules, any and ALL help
> would be GREATLY appreciated.  thanks

yup your gut feeling is correct :->

you don't need to enable IPFILTER if you use IPFW...

your simple ipfw rule for transparent proxy looks like this:

ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via <nic2 interface name>

fooler.
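The capture in Ryan's message is worth reading with ethereal's relative sequence numbers in mind: the handshake completes, the GET goes out, and the [FIN, ACK] from 216.239.39.99 carries ack=300 (299 request bytes received) but seq=1 (zero bytes of response sent). Under a fwd rule to 127.0.0.1,3128 the packets the client sees "from" the remote address are generated by the gateway for the forwarded socket, so in general this pattern means the connection reached a local listener, which then closed it without an HTTP reply; a rule that never matched would show either no SYN/ACK at all or a real reply from the remote host. The script below is an added example, not code from either message: it parses the ethereal summary lines (a constructed copy of the ones above, wrapped lines rejoined) and derives those numbers and the "who closed first" verdict automatically, so the same check can be run on other captures of the same shape.

```python
import re

# Constructed copy of the ethereal summary lines from the post (wrapped lines rejoined).
CAPTURE = """\
192.168.1.5 -> 216.239.39.99  TCP  3694 > http [SYN] seq=0 ack=0 win=16384 Len=0 MSS=1460
216.239.39.99 -> 192.168.1.5  TCP  http > 3694 [SYN, ACK] seq=0 ack=1 win=16384 Len=0 MSS=1460
192.168.1.5 -> 216.239.39.99  TCP  3694 > http [ACK] seq=1 ack=1 win=17520 Len=0
192.168.1.5 -> 216.239.39.99  HTTP GET / HTTP/1.1
216.239.39.99 -> 192.168.1.5  TCP  http > 3694 [FIN, ACK] seq=1 ack=300 win=65535 Len=0
192.168.1.5 -> 216.239.39.99  TCP  3694 > http [ACK] seq=300 ack=2 win=17520 Len=0
192.168.1.5 -> 216.239.39.99  TCP  3694 > http [FIN, ACK] seq=300 ack=2 win=17520 Len=0
216.239.39.99 -> 192.168.1.5  TCP  http > 3694 [ACK] seq=2 ack=301 win=65534 Len=0
"""

LINE_RE = re.compile(r"^(?P<src>\S+) -> (?P<dst>\S+)\s+(?P<proto>TCP|HTTP)\s+(?P<info>.*)$")
TCP_RE = re.compile(r"\[(?P<flags>[^\]]*)\]\s+seq=(?P<seq>\d+)\s+ack=(?P<ack>\d+)")


def parse_capture(text):
    """Turn ethereal summary lines into dicts with src, dst, proto, flags, seq, ack."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a summary line; ignore it
        pkt = {"src": m["src"], "dst": m["dst"], "proto": m["proto"],
               "flags": set(), "seq": None, "ack": None}
        t = TCP_RE.search(m["info"])
        if t:  # HTTP summary lines carry no flags/seq/ack, TCP lines do
            pkt["flags"] = {f.strip() for f in t["flags"].split(",")}
            pkt["seq"], pkt["ack"] = int(t["seq"]), int(t["ack"])
        packets.append(pkt)
    return packets


def payload_bytes(direction):
    """Payload bytes one side sent, from ethereal's relative sequence numbers.

    The SYN occupies relative seq 0, so a FIN at seq S (or the last seq seen
    when there is no FIN) means S-1 bytes of data went out before it."""
    seqs = [p["seq"] for p in direction if p["seq"] is not None]
    if not seqs:
        return 0
    fin = next((p for p in direction if "FIN" in p["flags"]), None)
    return (fin["seq"] if fin else max(seqs)) - 1


def summarise(packets, client, server):
    """Describe one client/server conversation: handshake, bytes each way, who closed."""
    c2s = [p for p in packets if p["src"] == client and p["dst"] == server]
    s2c = [p for p in packets if p["src"] == server and p["dst"] == client]
    server_fin = next((p for p in s2c if "FIN" in p["flags"]), None)
    client_fin = next((p for p in c2s if "FIN" in p["flags"]), None)
    return {
        "handshake_complete": (any(p["flags"] == {"SYN"} for p in c2s)
                               and any(p["flags"] == {"SYN", "ACK"} for p in s2c)
                               and any(p["flags"] == {"ACK"} for p in c2s)),
        "http_request_seen": any(p["proto"] == "HTTP" for p in c2s),
        "http_response_seen": any(p["proto"] == "HTTP" for p in s2c),
        "request_bytes": payload_bytes(c2s),
        "response_bytes": payload_bytes(s2c),
        # the server's FIN carries ack=N: it had received N-1 bytes of the request
        "request_bytes_acked": server_fin["ack"] - 1 if server_fin else None,
        "server_closed_first": (server_fin is not None and
                                (client_fin is None or
                                 packets.index(server_fin) < packets.index(client_fin))),
    }


def diagnose(s):
    """Map the summary onto the failure patterns worth telling apart."""
    if not s["handshake_complete"]:
        return "no_handshake"              # nothing answered the SYN
    if s["http_response_seen"] or s["response_bytes"] > 0:
        return "response_received"
    if s["http_request_seen"] and s["server_closed_first"]:
        return "closed_without_response"   # request acked, then FIN with zero data
    return "inconclusive"


if __name__ == "__main__":
    summary = summarise(parse_capture(CAPTURE), "192.168.1.5", "216.239.39.99")
    for key, value in summary.items():
        print(f"{key:22} {value}")
    print("diagnosis:", diagnose(summary))
```

For the capture above the script reports request_bytes 299, request_bytes_acked 299, response_bytes 0 and server_closed_first True, i.e. "closed_without_response". The split between `payload_bytes` and `summarise` is deliberate: the FIN consumes a sequence number, so counting data by the last seq seen would over-count by one on a closed connection, and taking the FIN's own seq avoids that.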
