Hello everyone
We have a client using a FreeBSD firewall.
They have two links to the Internet, both of which work fine. They have a
simple request, to route all http traffic via their ADSL line, and anything
else via their wireless link to our ISP.
This works fine with route-to for http traffic routing it to the adsl router,
and having the default gateway pointed to the wireless link.
However, I want to enable transparent squid on the machine too.
I have tried two different ways to do this.
1) Use ipfw to fwd the packets to localhost,3128 and then use pf to route-to
all http from 127.0.0.1 to any port 80.
It does not work.
2) Use rdr in pf to forward the packets to squid, and then route-to the adsl
router.
It also does not work.
Here are my current pf rules:
---------------------------------------
wireless_if="fxp0"
adsl_if="xl0"
adsl_rtr="196.36.x.x"
lan_if="bge0"
lan_net="10.1.0.0/24"
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all
nat on $adsl_if from $lan_net to any -> ($adsl_if)
#rdr on $lan_if proto tcp from $lan_net to any port www -> 127.0.0.1 port 3128
pass in quick on $lan_if route-to ( $adsl_if $adsl_rtr ) inet proto tcp from $lan_net to any port 80 keep state
--END
If I enable the rdr rule, the packets get to the transparent proxy and work
fine, but they do not route via the adsl router.
Even if I change the route-to rule so that it works on lo0 from localhost it
still goes via the wireless.
Any suggestions would be appreciated.
Thanks
Wayne Swart