Should x-post this to the dev-list? I suppose so. -Michael
On Mon, Dec 5, 2011 at 10:35 AM, Michael <[email protected]> wrote:
> I'm stuck getting the Squid3 w/ ipfw_transparent port to work as per
> https://trac.macports.org/wiki/howto/SetupInterceptionSquid and I have
> concerns Lion may have broken the current squid3 w/ ipfw_transparent
> macport.
>
> I need an intercepting proxy on my dev box as I have a problem especially
> aggravated by Dev Ops programming. I'm spending a great deal of time
> building out virtualized environments with the Vagrant tool;
> specifically, in authoring base box definition postinstall shell
> scripts. These scripts pull down countless yum packages in order to
> build up the base image that I then later further provision with
> either Puppet or Chef integration frameworks via scripts written in
> Ruby. When things are dorked up like an apparent dependency problem in
> the repo, I'm spending a great deal of time in debugging issues
> especially when throttled behind a T1 connection, resulting in mind-
> numbing time spent in mostly twiddling my thumbs as I sit through
> repeated pulls of dependencies to get to where the problem occurs.
>
> The intercept config example for FreeBsdIpfw at wiki.squid-cache.org
> led me to a few corrections, but largely the macports wiki article
> appears correct:
>
> The article in Step 3: Configure Mac OS X firewall fails to obviously
> mention you need to Start Lion's Firewall through the System Panel ->
> Security & Privacy -> Firewall tab.
>
> And I've tried the following to configure the firewall via the rule:
>
> sudo ipfw add 1013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
>
> I verified the rule was set via
>
> sudo ipfw list
>
> and it returns:
>
> $ sudo ipfw list
> 01013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
> 65535 allow ip from any to any
>
> and I also restarted the firewall just in case w/ each rule change. No dice.
>
> I've also configured the kernel as per 'Step 2: Configure Mac OS X
> kernel' as described originally at:
>
> http://discussions.apple.com/thread.jspa?threadID=2308812&tstart=0
>
> Maybe this portion changed w/ Lion?
>
> Once set up, the firewall never seems to redirect dst-port 80
> traffic to Squid to handle, but if I directly configure the Squid
> proxy settings (localhost:3128) into say Firefox it performs
> flawlessly... So, the problem seems to be in the ipfw's forwarding of
> any dst-port 80 traffic to squid to handle.
>
> Ideas? Is the problem with Apple's firewall or what?
>
> -Michael

_______________________________________________
macports-users mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
