IPFW, Nat and transparent proxy ( on different machines )
Darcy Buskermolen
darcy at wavefire.com
Fri Aug 1 16:16:07 PDT 2003
On your current box doing NAT, add the following rules:
# rule numbers are illustrative; the skipto target must land past the fwd rule
add 1000 skipto 1002 tcp from squid.mynet to any dst-port 80
add 1001 fwd squid.mynet tcp from any to any dst-port 80 in via internalif
Make sure both those rules are found AFTER your NAT divert rules.
On your new Squid box:
add fwd 127.0.0.1,3128 tcp from internalnet to not me dst-port 80 via internalif
This is how I have mine running, and it works like a charm.
Hope this helps
On Friday 01 August 2003 11:21, CPD - Equipe de Segurança wrote:
> Dear gentlemen,
>
>
> So far I've been running a FreeBSD 4.7 machine which runs NAT, IPFW and
> Squid, acting as a transparent proxy/cache, NAT box and packet
> filter/firewall.
>
> Now, the load is getting too heavy, so I'd like to use a second machine
> (with a second WAN link ) as a separate proxy for the HTTP traffic.
>
> Question is, how can I set up IPFW/NAT to send all the HTTP (port 80
> only) traffic that comes in on the internal interface (192.160.0.1) to the
> new proxy-only machine's internal interface (192.168.0.2), and still have
> the rest of the traffic flowing normally through the other gateway, which
> will now run only NAT and IPFW as firewall.
>
> It's confusing somehow, I hope I managed to be clear enough.
>
> Thanks for any insight,
>
> - Alexandre
>
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
--
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx: 250.763.1759
http://www.wavefire.com
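Added example (not part of Darcy's message and not FreeBSD code): a small Python model of how ipfw walks the two rulesets above, so the skipto/fwd ordering can be checked without a FreeBSD box. The rules mirror the ones in the post; everything else is constructed: the Squid box is 192.168.0.2 (from the question), clients sit in 192.168.0.0/24, int0 is each box's internal interface, ext0 its WAN link, and natd listens on its default divert port 8668. It also runs the case the skipto guards against: without it, Squid's own port-80 fetch arriving at the NAT box would be fwd'ed straight back to Squid.

```python
"""Toy ipfw rule walker (divert/skipto/fwd). Added example, not from the post.
Constructed: Squid box 192.168.0.2 (from the question), clients in 192.168.0.0/24,
"int0" = each box's internal interface, "ext0" = its WAN link, natd on port 8668."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    direction: str            # "in" or "out"
    iface: str
    proto: str = "tcp"


@dataclass
class Rule:
    num: int
    action: str               # divert | skipto | fwd | allow
    target: str = ""          # natd port, skipto target, or fwd next-hop
    proto: str = "ip"
    src: str = "any"          # host, CIDR, "any", "me" or "not me"
    dst: str = "any"
    dport: Optional[int] = None
    direction: Optional[str] = None   # None means "via": either direction
    iface: Optional[str] = None


def _addr_match(spec: str, addr: str, me: Set[str]) -> bool:
    negate = spec.startswith("not ")
    spec = spec[4:] if negate else spec
    if spec == "any":
        hit = True
    elif spec == "me":
        hit = addr in me                  # "me": any address owned by this box
    else:
        hit = ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
    return hit != negate


def _match(r: Rule, p: Packet, me: Set[str]) -> bool:
    return (r.proto in ("ip", p.proto)
            and _addr_match(r.src, p.src, me) and _addr_match(r.dst, p.dst, me)
            and (r.dport is None or r.dport == p.dport)
            and (r.direction is None or r.direction == p.direction)
            and (r.iface is None or r.iface == p.iface))


def evaluate(rules: List[Rule], pkt: Packet, me: Set[str]) -> str:
    """Walk the rules in number order and return the terminal verdict.
    divert hands the packet to natd, which reinjects it so processing resumes at
    the next rule; skipto jumps forward; fwd and allow terminate; no match = deny."""
    rules = sorted(rules, key=lambda r: r.num)
    i, natted = 0, False
    while i < len(rules):
        r = rules[i]
        if not _match(r, pkt, me):
            i += 1
        elif r.action == "divert":
            natted, i = True, i + 1
        elif r.action == "skipto":
            i = next((j for j, x in enumerate(rules) if x.num >= int(r.target)), len(rules))
        elif r.action in ("fwd", "allow"):
            verdict = f"fwd {r.target}" if r.action == "fwd" else "allow"
            return verdict + (" (natted)" if natted else "")
        else:
            raise ValueError(f"unknown action {r.action}")
    return "deny (default rule 65535)"


SQUID, INTERNAL_NET, WEB = "192.168.0.2", "192.168.0.0/24", "203.0.113.10"

# NAT/firewall box: the skipto + fwd pair from the post, placed after the natd divert.
NAT_BOX_RULES = [
    Rule(50, "divert", "8668", iface="ext0"),
    Rule(100, "skipto", "200", proto="tcp", src=SQUID, dport=80),
    Rule(110, "fwd", SQUID, proto="tcp", dport=80, direction="in", iface="int0"),
    Rule(200, "allow"),
]
NAT_BOX_ME = {"192.168.0.1", "198.51.100.1"}

# Squid box: LAN traffic to port 80 on any other host is handed to Squid on 3128.
SQUID_BOX_RULES = [
    Rule(100, "fwd", "127.0.0.1,3128", proto="tcp", src=INTERNAL_NET,
         dst="not me", dport=80, iface="int0"),
    Rule(200, "allow"),
]
SQUID_BOX_ME = {SQUID, "198.51.100.2"}


def scenarios() -> dict:
    """Constructed packets run through each box, keyed by case name."""
    lan = "192.168.0.50"
    return {
        "client on nat box": evaluate(NAT_BOX_RULES, Packet(lan, WEB, 80, "in", "int0"), NAT_BOX_ME),        # handed to Squid box
        "squid on nat box": evaluate(NAT_BOX_RULES, Packet(SQUID, WEB, 80, "in", "int0"), NAT_BOX_ME),       # skipto: out via NAT
        "squid without skipto": evaluate([r for r in NAT_BOX_RULES if r.action != "skipto"],
                                         Packet(SQUID, WEB, 80, "in", "int0"), NAT_BOX_ME),                   # bounced back: a loop
        "https on nat box": evaluate(NAT_BOX_RULES, Packet(lan, WEB, 443, "in", "int0"), NAT_BOX_ME),        # untouched
        "client on squid box": evaluate(SQUID_BOX_RULES, Packet(lan, WEB, 80, "in", "int0"), SQUID_BOX_ME),  # to local Squid
        "client to squid itself": evaluate(SQUID_BOX_RULES, Packet(lan, SQUID, 80, "in", "int0"), SQUID_BOX_ME),  # "not me"
        "squid own fetch": evaluate(SQUID_BOX_RULES, Packet(SQUID, WEB, 80, "out", "ext0"), SQUID_BOX_ME),   # own WAN link
    }
```

Call scenarios() to see each verdict. The model covers only the rule walk; it does not reproduce the kernel side (fwd needs a kernel built with options IPFIREWALL_FORWARD) or Squid's own transparent-proxy settings.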