Hi, You will want to make sure that you have this rule before the divert rule
allow tcp from (live ip address) to any otherwise squid will go into a forwarding loop. You do not need ip-transparent if you are using IPFW to do the divert. Oh yes the headers are from the live ip of the squid box. I know there is a way to pass the clients ip to the remote site. Check on the squid web page regarding that. Kind Regards Doron Shmaryahu -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Thomson Sent: 13 June 2003 09:14 AM To: [EMAIL PROTECTED] Subject: Re: more transparent proxy and squid questions. oh, and does squid need to be compiled with CONFIGURE_ARGS+= --enable-ipf-transparent given the firewall does the divert to the squid box ?? ta, ajt. On Fri, Jun 13, 2003 at 05:04:38PM +1000, Andrew Thomson wrote: > I'm not looking for help at setting this up as such, but rather a better > understanding of what's happening to the packets in this situation. > > I have a freebsd firewall/gateway box. > > I then fwd the port 80 requests to the squid box on port 3128 > > squid then i imagine process the request.. does squid then make the same > http request with it's ip as the source? > > perhaps an illustration might be helpful. > > wall/gwy = 192.168.1.1 > squid = 192.168.1.2 > user = 192.168.1.3 > > user makes an http request. > > ipfw rule on wall diverts to squid: > > ipfw add 50 fwd 192.168.1.2,3128 tcp from any to any 80 > > does squid then make the request with it's ip? > > thus we'd need something like, > > ipfw add 45 allow tcp from 192.168.1.2 to any 80 > > squid updates the cache/passes the data back to the user?? > > thanks, > > ajt. > > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"