PF Squid Transparent Proxy

Daniel Hartmeier daniel at benzedrine.cx
Tue Feb 15 14:53:30 PST 2005


On Tue, Feb 15, 2005 at 04:36:07PM -0600, Jason Hunt wrote:

> Has anyone got squid to work transparently using pf firewall rules?  I came
> across some patch that supports --enable-pf-transparent from 2002, but was
> wondering if there was some workaround.
> 
> I understand that you can do this on an OpenBSD system (apparently there is
> a port that does support --enable-pf-transparent), but was wondering about
> support for FreeBSD.

That code is only needed when you need squid to query original
destination addresses from pf via ioctl (when squid and pf are running
on the same host), for web servers that don't support HTTP 1.1 and the
HTTP Host: header (which are getting fewer).

The changes needed in squid were merged into the squid base
distribution; they are enabled using the --enable-pf-transparent
configure option.

The FreeBSD 5.3 port enables that option when you run WITH_SQUID_PF=1
make in /usr/ports/www/squid.

Some more details (which apply equally to pf under FreeBSD) can be found
on http://www.benzedrine.cx/transquid.html

Daniel
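
The case distinction in the reply above, as an added example that is not part of the original post and is not squid's code: an intercepting proxy can take the destination from the Host: header when one is present, and otherwise has to ask pf for the original destination. The function name, the enum and the sample requests are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical result codes for this example. */
enum dest_source { DEST_NEEDS_PF_LOOKUP = 0, DEST_FROM_HOST = 1 };

/* Look for a Host: header in the header block of an intercepted request.
 * Without one, only pf's state table knows the original destination. */
enum dest_source dest_from_request(const char *req, char *host, size_t hostlen)
{
    const char *line = strstr(req, "\r\n");      /* end of the request line */
    if (hostlen == 0) return DEST_NEEDS_PF_LOOKUP;
    host[0] = '\0';
    while (line != NULL) {
        line += 2;
        const char *end = strstr(line, "\r\n");
        if (end == NULL || end == line)          /* truncated input or blank line: headers are over */
            break;
        if ((size_t)(end - line) >= 5 && strncasecmp(line, "Host:", 5) == 0) {
            const char *v = line + 5;
            while (v < end && (*v == ' ' || *v == '\t')) v++;
            while (end > v && (end[-1] == ' ' || end[-1] == '\t')) end--;
            size_t n = (size_t)(end - v);
            if (n == 0 || n >= hostlen)          /* empty or oversized value: do not use it */
                return DEST_NEEDS_PF_LOOKUP;
            memcpy(host, v, n);
            host[n] = '\0';
            return DEST_FROM_HOST;
        }
        line = end;
    }
    return DEST_NEEDS_PF_LOOKUP;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    const char *http11 = "GET /index.html HTTP/1.1\r\nUser-Agent: x\r\nhost: www.example.org\r\n\r\n";
    const char *http10 = "GET /index.html HTTP/1.0\r\nUser-Agent: x\r\n\r\n";
    char host[256];
    printf("HTTP/1.1: %d %s\n", dest_from_request(http11, host, sizeof host), host);
    printf("HTTP/1.0: %d\n", dest_from_request(http10, host, sizeof host));
    return 0;
}
```

The scan stops at the blank line that ends the headers, so a "Host:" string inside a request body is never treated as the destination.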


More information about the freebsd-pf mailing list