tproxy on freebsd

Volker volker at vwsoft.com
Wed Apr 18 12:05:15 UTC 2007


On 12/23/-58 20:59, zen wrote:
>> I don't have a problem with this, but I am going to be setting up a
>> similar setup and would appreciate the help a working setup would
>> provide.
>>
> Any help will be appreciated; I could use a sample configuration file
> regarding this problem.

zen & others,

Building a transparent proxy using pf + squid is an easy topic and
well documented on the net.

In detail, it goes like this:

pf (assuming nve0 is your local IF):
rdr on nve0 from any to any port 80 -> 127.0.0.1 port 3128
pass in on nve0 from any to any port 80 keep state
pass in on nve0 from any to 127.0.0.1 port 3128 keep state

Now, compile squid with transparent support and use:
'http_port 3128 transparent' in your squid.conf (assuming you're
running squid >= 2.6).

I'm running several hosts with a setup like that.

Also you may want to check out www/havp and use it as a transparent
proxy + squid as upstream proxy. That way you also have virus
protection for your internal users while surfing the web (I'm also
doing things like that as I found it a better solution than
squidclam or the like - YMMV).

> FYI, I am already running a transparent proxy with ipf+ipnat:
> 
> rdr nve0 0.0.0.0/0 port 80 -> 122.x.x.x port 3128 tcp
> 
> but with that configuration, still the proxy ip address that visible
> when my client using the proxy.

Don't understand that sentence. What address is visible to whom? And
which address do you want to 'hide'? If you don't want to leak your
internal addresses to any outside webserver, this is a squid issue
and there should (?) be configuration options for squid.

> Is it just me, or can't I achieve that with FreeBSD?
> Because I hate to switch to another OS only because of this.

No need to switch! :)

You may find tons of info using Google or in the ML archives pf at .
Also pf@ or isp@ would be the appropriate list for questions like that.

HTH,

Volker
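
The address-leak question raised in the message above can be checked from the outside. The following is an added example, not part of the original post: it scans a request head, as logged by a web server you control, for private or loopback addresses in the headers a forwarding proxy writes. The sample requests, host names and function names are constructed for illustration.

```python
import ipaddress
import re

# Request headers in which a forwarding proxy can disclose client-side addresses.
PROXY_HEADERS = ("x-forwarded-for", "via", "forwarded")

# Dotted-quad candidates; the ipaddress module validates them afterwards.
_IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed samples: request heads as an outside web server would log them.
LEAKY = (
    "GET / HTTP/1.0\r\n"
    "Host: www.example.org\r\n"
    "Via: 1.0 10.0.0.1:3128 (squid)\r\n"
    "X-Forwarded-For: 192.168.1.23\r\n"
    "\r\n"
)
CLEAN = (
    "GET / HTTP/1.0\r\n"
    "Host: www.example.org\r\n"
    "Via: 1.0 proxy.example.net:3128 (squid)\r\n"
    "X-Forwarded-For: unknown\r\n"
    "\r\n"
)

def parse_headers(raw_request):
    """Return (lowercased name, value) pairs from a raw HTTP request head."""
    pairs = []
    for line in raw_request.splitlines()[1:]:   # skip the request line
        if not line.strip():                    # blank line ends the head
            break
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def leaked_internal_addresses(raw_request):
    """List (header, address) pairs where a proxy header exposes an internal IP."""
    findings = []
    for name, value in parse_headers(raw_request):
        if name not in PROXY_HEADERS:
            continue
        for candidate in _IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:                  # e.g. 999.1.1.1
                continue
            if addr.is_private or addr.is_loopback:
                findings.append((name, candidate))
    return findings

if __name__ == "__main__":
    for label, sample in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, leaked_internal_addresses(sample))
```
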



More information about the freebsd-stable mailing list