transparent squid proxy + bridge
Sergey Lyubka
valenok at gmail.com
Wed Apr 20 01:22:15 PDT 2005

Hi there,
Recently I tried to make a transparent web proxy on a machine
that runs in bridging mode. At last, I decided to make a patch.
Here it is for those who want to do the same.

One interface should be given an IP address so squid can make
requests. Squid listens on 127.0.0.1:8080.
I am using the pf firewall, with this redirection rule:

    rdr on $int proto tcp from any to any port 80 -> (lo0) port 8080

This is what the patch does:

static void ether_input()
{
    ...
    if (packet_is_IP_packet && pf_enabled && mbuf_copy = copy_the_mbuf) {
        strip_ethernet_headers;
        run_the_firewall;
        if (packet_redirected_to_127.0.0.1)
            bypass_the_bridge
        free_the_mbuf_copy;
    }
    ...
}

The patch is small, so I include it inline.
Tested on 5.4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: if_ethersubr.c.patch
Type: application/octet-stream
Size: 1951 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20050420/9c2d4f33/if_ethersubr.c.obj
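
The decision flow described in the message, as an added userland C model. It is not the attached patch (which the archive scrubbed) and not kernel code. The names model_rdr, classify_frame and sample_verdict are hypothetical, the sample frame is constructed, and the pf rule is reduced to a hard-coded match on TCP destination port 80.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { TO_BRIDGE, TO_LOCAL_STACK };

/* Stand-in for "rdr ... port 80 -> (lo0) port 8080" on a bare IPv4 packet.
 * Returns 1 if the destination was rewritten (checksum fix-up omitted). */
static int model_rdr(uint8_t *ip, size_t len)
{
    if (len < 20 || (ip[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4 || ip[9] != 6) return 0;   /* TCP only */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return 0;       /* later fragment: no ports */
    if (((ip[ihl + 2] << 8) | ip[ihl + 3]) != 80) return 0;
    memcpy(ip + 16, "\x7f\x00\x00\x01", 4);                   /* dst = 127.0.0.1 */
    ip[ihl + 2] = 8080 >> 8; ip[ihl + 3] = 8080 & 0xff;
    return 1;
}

/* Copy the frame, strip the Ethernet header, run the rule, check the result. */
enum verdict classify_frame(const uint8_t *frame, size_t len)
{
    uint8_t copy[1500];
    if (len < 14 || len - 14 > sizeof(copy)) return TO_BRIDGE;
    if (((frame[12] << 8) | frame[13]) != 0x0800) return TO_BRIDGE;  /* not IPv4 */
    memcpy(copy, frame + 14, len - 14);
    if (model_rdr(copy, len - 14) && copy[16] == 127)
        return TO_LOCAL_STACK;       /* redirected to loopback: bypass the bridge */
    return TO_BRIDGE;                /* original frame is untouched */
}

/* Constructed sample frame: 14-byte Ethernet + 20-byte IPv4 + 20-byte TCP. */
enum verdict sample_verdict(uint16_t ethertype, uint8_t proto, uint16_t dport)
{
    uint8_t f[54] = {0};
    f[12] = ethertype >> 8; f[13] = ethertype & 0xff;
    f[14] = 0x45; f[23] = proto;                 /* version 4, IHL 5 */
    memcpy(f + 30, "\xc6\x33\x64\x14", 4);       /* dst 198.51.100.20 */
    f[36] = dport >> 8; f[37] = dport & 0xff;    /* TCP destination port */
    return classify_frame(f, sizeof(f));
}

int main(void)
{
    printf("http:%d https:%d arp:%d\n", sample_verdict(0x0800, 6, 80),
           sample_verdict(0x0800, 6, 443), sample_verdict(0x0806, 6, 80));
    return 0;
}
```

Only the copy is rewritten, so a frame that does not match the rule reaches the bridge unmodified.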
    
    