5 messages in org.freebsd.freebsd-isp: Squid proxy 2.6 with FreeBSD 6.2

From / Sent On / Attachments
Anwarul Mamun, Sep 11, 2007 4:51 am
Andrew Pantyukhin, Sep 11, 2007 11:55 am
Anwarul Mamun, Sep 11, 2007 9:50 pm
Andrew Pantyukhin, Sep 12, 2007 1:40 am
Tek Bahadur Limbu, Sep 12, 2007 7:14 am

Subject: Squid proxy 2.6 with FreeBSD 6.2
From: Anwarul Mamun (mam@freebsdmovement.org)
Date: Sep 11, 2007 9:50:21 pm
List: org.freebsd.freebsd-isp

I am using two different servers. One is running Linux and using iptables, from which I want to forward HTTP traffic to the FreeBSD box where I am running Squid proxy, and I want to make it run as a transparent proxy. The problem is that the FreeBSD box is not working as a transparent proxy in this scenario. It seems that the Squid proxy server on the FreeBSD box doesn't see the packets forwarded to it through the Linux server.

Any suggestion?

On 9/12/07, Andrew Pantyukhin <info@freebsd.org> wrote:

On Tue, Sep 11, 2007 at 05:23:28PM +0600, Anwarul Mamun wrote:

Hi All!

I have a Linux gateway server (using iptables on this) where my clients hit first. I want to direct the HTTP traffic to the proxy server based on FreeBSD (I mean a transparent proxy). I am using FreeBSD 6.2 and Squid proxy 2.6. I have directed the HTTP traffic from my Linux gateway server to the proxy server on FreeBSD as below. But the transparent proxying does not work. Has anyone worked with the issues of transparent proxying on FreeBSD 6.2 who could suggest something in this case?

/sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 80 -j DNAT --to 172.16.3.1:8080
/sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 8080 -j DNAT --to 172.16.3.1:8080

Assuming your squid config is right, you should stop modifying packets (with little knowledge of iptables, I think -j DNAT --to ... does that). If you manage to reroute unmodified packets to the FreeBSD box, you'll need something like this to set up its ipfw:

$cmd add 100 fwd 127.0.0.1,3128 \
    proto tcp src-ip $lan_local not src-ip me not dst-ip me \
    dst-port $http_ports
$cmd add 200 allow via lo0
$cmd add 500 deny dst-ip me dst-port 3128 not src-ip $lan_local
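The point of Andrew's advice is that DNAT rewrites the destination to 172.16.3.1:8080, so by the time Squid accepts the connection the original server address is gone; ipfw fwd instead hands an unmodified packet to the local socket, and Squid's transparent mode recovers the destination from it. The script below is an added example, not code from the thread or from the Squid or FreeBSD projects: it reroutes the clients' HTTP from the Linux gateway with policy routing (fwmark plus a separate routing table) rather than DNAT, and sets up the FreeBSD 6.2 side with the ipfw rules Andrew posted. The client net and proxy address are the thread's; the gateway's inner address, the mark value, the routing table number, the port list and the shell variable names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): send the clients' HTTP traffic from the
# Linux gateway to the FreeBSD Squid box without rewriting it, and accept it
# there with ipfw fwd. Client net and proxy address are from the thread; the
# gateway's inner address, the mark value, the routing table number and the
# port list are assumptions. Without RUN=1 the functions only print the
# commands, so the script can be read and checked without root.

LAN_NET="192.168.40.0/24"   # clients (from the thread)
PROXY_IP="172.16.3.1"       # FreeBSD box running Squid (from the thread)
GW_IP="172.16.3.254"        # Linux gateway's address on the proxy's subnet (assumed)
HTTP_PORTS="80 8080"        # ports to intercept (the thread intercepts 80 and 8080)
MARK=1                      # fwmark used for policy routing (assumed)
TABLE=100                   # routing table for marked packets (assumed)

run() {
    if [ "${RUN:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Linux gateway. DNAT would replace the destination with 172.16.3.1:8080 and
# Squid would never learn where the client was going. Policy routing changes
# only the next hop: the packet still says "dst = the web server", and the
# FreeBSD box sees it as ordinary transit traffic.
linux_gateway_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip route replace default via "$PROXY_IP" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    for p in $HTTP_PORTS; do
        # Only client traffic is marked; Squid's own outbound connections have
        # src 172.16.3.1 and therefore take the normal route to the Internet.
        run iptables -t mangle -A PREROUTING -s "$LAN_NET" ! -d "$PROXY_IP" \
            -p tcp --dport "$p" -j MARK --set-mark "$MARK"
    done
}

# FreeBSD 6.2 box. On 6.x the fwd action needs a kernel built with
# 'options IPFIREWALL_FORWARD'. The box must forward, and it needs a route
# back to the client net so Squid's replies (sent from the original server
# address) reach the clients.
freebsd_proxy_rules() {
    cmd="ipfw -q"
    ports=$(echo "$HTTP_PORTS" | tr ' ' ',')
    run sysctl net.inet.ip.forwarding=1
    run route add -net "$LAN_NET" "$GW_IP"
    # 100: transit HTTP from the clients goes to Squid. 'not src-ip me' keeps
    # Squid's own outbound HTTP from being looped back into Squid; 'not dst-ip me'
    # leaves connections made directly to the box alone.
    run $cmd add 100 fwd 127.0.0.1,3128 proto tcp src-ip "$LAN_NET" \
        not src-ip me not dst-ip me dst-port "$ports"
    run $cmd add 200 allow via lo0
    # 500: nobody outside the client net may reach port 3128 directly, so the
    # box does not become an open proxy.
    run $cmd add 500 deny dst-ip me dst-port 3128 not src-ip "$LAN_NET"
}

# Squid 2.6: the port must be declared transparent so Squid takes the original
# destination from the accepted socket. The acl name is an assumption.
squid_conf() {
    printf 'http_port 3128 transparent\n'
    printf 'acl clients src %s\n' "$LAN_NET"
    printf 'http_access allow clients\n'
}

case "${1:-}" in
    linux)   linux_gateway_rules ;;
    freebsd) freebsd_proxy_rules ;;
    squid)   squid_conf ;;
esac
```

Run `sh script.sh linux` on the gateway and `sh script.sh freebsd` on the proxy to review the commands, then repeat with `RUN=1` as root to apply them; `sh script.sh squid` prints the lines to merge into squid.conf. If Squid still connects to itself or times out, check `ipfw show` for hits on rule 100 and confirm with `netstat -rn` on the FreeBSD box that the client net is routed back through the gateway.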