On 27 Nov 2003 07:57:45 -0800, [EMAIL PROTECTED] (Thelmo Loisio) wrote:

>On Wed, 2003-11-26 at 17:03, Greg Hennessy wrote:
>
>> You can't use a transparent proxy with a pure bridge. The connection to
>> remote site goes out from the proxy server not the client.
>
>Well, if you assign to the nics an IP address you can, but maybe this
>for you isn't "pure bridge".

That's it, you're now at layer 3 rather than Layer 2.

>I've made another test, squid listen only on 127.0.0.1:3128

That's the way I have it here. If you're not seeing anything in the squid
logs, it sounds like the packet filtering is not quite right.

KSF="keep state flags S/SA"
TCP="inet proto tcp"
UDP="inet proto udp"

# Add redirect to allow transparent caching of port 80 traffic.
#
rdr on $Inside proto tcp from $Lan to !$Lan port www -> 127.0.0.1 port 3128

Then the following.

# Localhost
#
pass quick on lo0 $TCP all $KSF
pass quick on lo0 all keep state

Then

# allow but don't log the following
#
pass out quick on $Outside $TCP from ($Outside) to !$LAN port http user \
        _squid $KSF queue (q_def, q_pri) label "ACCEPT: proxy

I haven't used PF @ L2, I prefer working @ L3.

>the client
>is configured to have the proxy on one ip assigned to one nic on the
>bridged box and on the bridged box i've a rdr rule that catch the
>connection to that ip... well in this configuration everything is
>working good.

That's inline rather than transparent.

>
>Any hint is really appreciated. Thanks

Two questions, you've compiled squid with --enable-pf-transparent enabled ?

Have you followed the instructions here.

http://www.benzedrine.cx/transquid.html

If you just want to implement a transparent cache, putting a route map on
your inside cisco and using policy based routing to hand off to squid would
be the way I'd do it.

greg

--
$ReplyAddress = Use google to figure it out.

The Following is a true story.....
Only the names have been changed to protect the guilty.
