IPFW & SQUID & 2 bsd boxes & 2 different internet routers
leon at trusc.net
Fri Feb 27 03:42:16 PST 2004
Here is something that gave me uphill for a long time which I thought I
might share with anyone who is interested.
The problem was the traffic was too much for the one line so we installed a
How to divert all the http 80 stuff down the second line using a second box
as a proxy?
Box A is the bsd gateway with nics IIF and OIF.
Runs ipfw which forwards the tcp 80 connections from the IIF network to box
It has a default gateway of internet router C
Box B is the squid proxy running in httpd accelerator mode with one nic on
the same network as the Box A OIF.
Runs ipfw which forwards the tcp 80 connections coming into it to
It has a default gateway of internet router D
The answer is all in the ipfw rules.
On box A:
Add this rule AFTER the natd rules
ipfw add (rulenumber) fwd (Box B) tcp from any to any 80 out via (oif)
On box B:
ipfw add (firstrulenumber) fwd 127.0.0.1,3128 tcp from any to any 80 in via
That rule forwards all incoming requests to the squid running on the
If you are stuck with only one box do this in the rules:
ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via IIF
ipfw add fwd (router for the http) tcp from any to any 80 out via OIF
Any suggestions, improvements or shoot me downs are welcome.
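
Added example (not part of the original post): a small sh check over `ipfw list`-style output that box A's port-80 fwd rule is numbered after the natd divert rule, and that box B's first rule is the fwd to squid on 127.0.0.1,3128. The sample rule lists, the addresses and the fxp0 interface name are constructed for illustration.

```sh
#!/bin/sh
# Added example: rule-order checks for the two-box setup described above.
# Input is `ipfw list`-style text on stdin: "<number> <action> <args...>".

# Box A: every "fwd ... 80" rule must be numbered above the highest divert rule.
# Returns 0 if ordered correctly, 1 if a fwd precedes natd, 2 if no fwd rule.
check_fwd_after_divert() {
    awk '
        $2 == "divert" { if ($1 + 0 > divert) divert = $1 + 0 }
        $2 == "fwd" && / 80( |$)/ {
            seen = 1
            if (!first || $1 + 0 < first) first = $1 + 0
        }
        END {
            if (!seen) exit 2
            if (first > divert) exit 0
            exit 1
        }'
}

# Box B: the lowest-numbered rule must be the fwd to the local squid port.
check_squid_fwd_first() {
    awk '
        !min || $1 + 0 < min { min = $1 + 0; act = $2 " " $3 }
        END { if (act == "fwd 127.0.0.1,3128") exit 0; exit 1 }'
}

# Constructed sample rule lists (not captured from a real system).
box_a_good() { cat <<'EOF'
00050 divert 8668 ip from any to any via fxp0
00060 fwd 192.168.1.2 tcp from any to any 80 out via fxp0
65535 allow ip from any to any
EOF
}
box_a_bad() { cat <<'EOF'
00040 fwd 192.168.1.2 tcp from any to any 80 out via fxp0
00050 divert 8668 ip from any to any via fxp0
65535 allow ip from any to any
EOF
}
box_b_good() { cat <<'EOF'
00010 fwd 127.0.0.1,3128 tcp from any to any 80 in via fxp0
65535 allow ip from any to any
EOF
}

box_a_good | check_fwd_after_divert && echo "box A: fwd follows natd divert"
box_a_bad | check_fwd_after_divert || echo "box A (bad sample): fwd precedes natd"
box_b_good | check_squid_fwd_first && echo "box B: squid fwd is the first rule"
```

On a live box the same functions can be fed from `ipfw list` instead of the sample lists.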