I have a FreeBSD transparent proxy working on local lan. Where the workstation's NIC has its gateway set to the proxy server's internal ip address. Everything works fine.

Problem is when I move my workstation from the local lan where the proxy
server resides, on to the 10.4.0.0 network, this is across a WAN link, Transparent proxy stops working it appears no web traffic is getting to the proxy, and I'm not able to get to ant web site. I am able to ping the proxy server, and use the proxy if I utilize a pac file, and drop the IPFW rules.


I should also note that I have transparent proxy running under Debian using iptables, across the WAN link, but want to move to FreeBSD. So I feel my routers are setup correctly.

I suspect the problem is with my IPFW rules or NAT configuration but I'm not sure.

FreeBSD 6.1
Kernel was recompiled with:
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT

RC.CONF contains
gateway_enable="YES"
ifconfig_xl0="inet x.x.x.x. netmask 255.255.255.0"
ifconfig_xl1="inet x.x.x.x  netmask 255.255.255.0"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="xl1"
natd_flags=""

CISCO router has the following configured

access-list 199 permit tcp 10.4.0.0 0.0.255.255 any eq www
access-list 199 deny   ip any any

route-map redirect-proxy permit 10
match ip address 199
set ip next-hop <proxy server internal ip>

My IPFW rules:
ipfw -q flush
ipfw add divert natd all from not me to any via <outside interface>
ipfw add fwd 127.0.0.1:8000 tcp from any to any 80

squid complied with
SQUID_CONFIGURE_ARGS+=--enable-pf-transparent"

SQUID.CONF
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
header_access Via deny all
header_access X-Forwarded-For deny all


Thank you for taking the time to look. Any advice or troubleshooting tips are welcome.

_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to