Re: ipfw fwd for transparent proxy (squid) - but, not on loopback

2010-09-13 Thread Nathan Vidican
On Mon, Sep 13, 2010 at 11:53 AM, Nathan Vidican wrote:
>
> Hey all - I've been trying to implement a transparent proxy for all outgoing 
> traffic to port 80 to forward to a proxy server. The problem is that the 
> proxy itself resides on a different host than the forward rule does. Has 
> anyone done something similar? Ideally I'd like to implement with ipfw, but 
> not opposed to other suggestions?
>
> Internet -> firewall/gateway -> proxy server -> LAN/clients
>
> Where the firewall/gateway is the central router for multiple networks, 
> including the public subnet which 'proxy server' gets its external IP for. 
> So ideally I would like something along the lines of this (assuming the proxy 
> server is running on 10.1.1.12:3128):
>
> ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.2.0/24 to any 80 via 10.1.2.254
> ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.3.0/24 to any 80 via 10.1.3.254
> ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.1.0/26 to any 80 via 10.1.1.1
>
> I have tried the identical rules to above using 127.0.0.1,3128 - of course 
> starting up squid on the gateway machine too... the problem is that machine 
> simply doesn't have the resources and I'd prefer to run squid on a different 
> host.
>
> Any suggestions or referrals to RTFM somewhere would be greatly appreciated. 
> Thanks.
>
> --
> Nathan Vidican
> nat...@vidican.com
>

Go figure, five minutes after posting I found what I needed in squid's
documentation. FYI in case anyone comes across this thread, what I
had been doing wrong was 'http_port 3128 transparent' should have been
'http_port 3128 intercept' instead. See this link for more details:

http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdIpfw

--
Nathan Vidican
nat...@vidican.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
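
An added example, not part of the original posts: per ipfw(8), `fwd` to a non-local address only changes the next hop and leaves the packet's destination address untouched, so the two-host layout in this thread needs a capture rule on the squid host in addition to the gateway rules. The script prints both rule sets without installing them. Assumptions: rule numbers 590/601, the `skipto` exemption that keeps the proxy's own port-80 requests from being forwarded back to it, the proxy-side rule and all function names are illustrative.

```shell
#!/bin/sh
# Added example: prints ipfw rules for review, installs nothing.
# squid.conf on the proxy host (from the thread): http_port 3128 intercept
PROXY=10.1.1.12   # proxy address from the thread
PORT=3128         # squid http_port from the thread

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/LEN -> exit status 0 when IP lies inside the network
in_cidr() {
    c_len=${2#*/}
    c_ip=$(ip_to_int "$1")
    c_net=$(ip_to_int "${2%/*}")
    c_mask=$(( (4294967295 << (32 - c_len)) & 4294967295 ))
    [ $(( c_ip & c_mask )) -eq $(( c_net & c_mask )) ]
}

# gateway_rules NET,VIA ... -> rules for the firewall/gateway
gateway_rules() {
    for pair in "$@"; do
        net=${pair%,*}; via=${pair#*,}
        # If the proxy sits inside a redirected network, its own outbound
        # requests would match the fwd rule and loop back to it. Skip past
        # the fwd rule (assumed numbering) instead of changing policy.
        if in_cidr "$PROXY" "$net"; then
            echo "ipfw add 590 skipto 601 tcp from $PROXY to any 80 via $via"
        fi
        # The port is ignored here because $PROXY is not local to the gateway.
        echo "ipfw add 600 fwd $PROXY,$PORT tcp from $net to any 80 via $via"
    done
}

# proxy_rules -> rule for the squid host, where $PROXY is a local address,
# so inbound port-80 packets are delivered to squid's intercept port.
proxy_rules() {
    echo "ipfw add 600 fwd $PROXY,$PORT tcp from any to any 80 in"
}

echo "# on the firewall/gateway:"
gateway_rules 10.1.2.0/24,10.1.2.254 10.1.3.0/24,10.1.3.254 10.1.1.0/26,10.1.1.1
echo "# on the proxy host:"
proxy_rules
```
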


ipfw fwd for transparent proxy (squid) - but, not on loopback

2010-09-13 Thread Nathan Vidican
Hey all - I've been trying to implement a transparent proxy for all outgoing
traffic to port 80 to forward to a proxy server. The problem is that the
proxy itself resides on a different host than the forward rule does. Has
anyone done something similar? Ideally I'd like to implement with ipfw, but
not opposed to other suggestions?

Internet -> firewall/gateway -> proxy server -> LAN/clients

Where the firewall/gateway is the central router for multiple networks,
including the public subnet which 'proxy server' gets its external IP for.
So ideally I would like something along the lines of this (assuming the
proxy server is running on 10.1.1.12:3128):

ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.2.0/24 to any 80 via 10.1.2.254
ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.3.0/24 to any 80 via 10.1.3.254
ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.1.0/26 to any 80 via 10.1.1.1

I have tried the identical rules to above using 127.0.0.1,3128 - of course
starting up squid on the gateway machine too... the problem is that machine
simply doesn't have the resources and I'd prefer to run squid on a different
host.

Any suggestions or referrals to RTFM somewhere would be greatly appreciated.
Thanks.

-- 
Nathan Vidican
nat...@vidican.com