* Jay W. Reffner ([EMAIL PROTECTED]): (I am the maintainer of the FreeBSD squid port)
> Does anyone know if you're supposed to use ipfilter or ipnat on FreeBSD
> 5.1 to get Squid to work in transparent mode? Also, does anyone have a
> simple rule file they wouldn't mind sharing to aid me in configuring
> mine? Thanks a bunch in advance.

You cannot build squid with ipfilter support (unless you know what you
are doing) on FreeBSD nowadays; see the FreeBSD-PR 60700 for details.

You can, however, use ipfw(4). If you update your FreeBSD installation
to 5-CURRENT you could also use pf(4) which was recently imported from
OpenBSD; I added experimental support but did not try whether it does
the right thing and got no user feedback yet.

I was told that the following ipfw(4) setup should do the trick by a
user recently via personal mail (BTW, could someone (hno?) update the
FAQ regarding transparent proxying on FreeBSD?):

| In ipfw I have two rules:
|
| fwd 127.0.0.1,8888 tcp from any to any dst-port 80 out recv fxp0 xmit bge0
| // Squid proxy //
| fwd 127.0.0.1,8888 tcp from any to any dst-port 8080 out recv fxp0 xmit bge0
| // Squid proxy on 8080 //
|
| one is catching connections to port 80, another one to port 8080
| 127.0.0.1 - 8888 is the interface where squid is listening,
| fxp0 - interface to LAN
| and bge0 - interface to Internet.
|
| and a few changes to squid.conf - but this, I am sure, is documented.
| I also have apache running on my host, to which I can connect
| without touching the proxy.
|
| I checked the squid faq,
| ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80
| This doesn't work, because it would catch the outgoing connections
| which squid tries to establish to the web server, and redirect them
| back to it again.
| as well as there is not correct
| httpd_accel_port ... in FAQ is set 80,
| but it has to be 0.. otherwise if I catch connections to 8080,
| squid tries to connect to port 80 on the web server - and it doesn't
| work.
|
| squid faq should be updated I think..
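
Added example, not part of the original message or of Squid or ipfw: a simplified Python model of why the `out recv fxp0 xmit bge0` qualifiers on the two fwd rules keep Squid's own upstream connections and traffic to the local Apache out of the redirect, while the unqualified FAQ rule catches both. The `Packet` and `FwdRule` classes, the sample packets and the matching logic are assumptions made for illustration; each packet stands for one pass through the firewall.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    dst_port: int
    direction: str            # "in" or "out" for this pass through the firewall
    recv_if: Optional[str]    # None for packets generated on the proxy host itself
    xmit_if: Optional[str]    # None for packets delivered to the proxy host

@dataclass(frozen=True)
class FwdRule:
    dst_port: int
    direction: Optional[str] = None   # None means the rule has no such qualifier
    recv_if: Optional[str] = None
    xmit_if: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        # A qualifier that is set must equal the packet's value exactly, so a
        # locally generated packet (recv_if None) never satisfies "recv fxp0".
        return (p.dst_port == self.dst_port
                and self.direction in (None, p.direction)
                and self.recv_if in (None, p.recv_if)
                and self.xmit_if in (None, p.xmit_if))

# Rule from the FAQ as quoted in the mail: any TCP packet to port 80.
FAQ_RULES = [FwdRule(80)]
# The two rules from the mail: only LAN (fxp0) traffic leaving via bge0.
SCOPED_RULES = [FwdRule(80, "out", "fxp0", "bge0"),
                FwdRule(8080, "out", "fxp0", "bge0")]

# Constructed sample packets using the interface names from the mail.
SAMPLES = {
    "lan_client_to_web_80": Packet(80, "out", "fxp0", "bge0"),
    "lan_client_to_web_8080": Packet(8080, "out", "fxp0", "bge0"),
    "squid_to_origin_80": Packet(80, "out", None, "bge0"),
    "lan_client_to_local_apache": Packet(80, "in", "fxp0", None),
}

def audit(rules):
    """Return {sample name: True if some fwd rule would divert it to Squid}."""
    return {name: any(r.matches(p) for r in rules)
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("FAQ rule", FAQ_RULES), ("scoped rules", SCOPED_RULES)):
        print(label, audit(rules))
```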
