Tue, Jun 28, 2016 at 01:48:30PM -0400, Ataro via freebsd-ipfw:
> Hi there,
>
> I've set up a FreeBSD machine inside a VirtualBox machine and used IPFW to
> redirect all the requests to the internet through a squid proxy server
> running on the same machine in port 3128 in intercept mode (also known as
> transparent proxy mode).
>
> The problem is that I need a way to identify the packets that originate from
> the squid server and let them pass out to the Internet but all other packets
> must go through the squid server.
>
> My IPFW rules look like the following:
> ipfw -f flush
> ipfw add 50 pass all from any to any via lo0
> ipfw add 100 pass all from any to any proto udp
> ipfw add 150 pass icmp from any to any
> ipfw add 200 fwd 127.0.0.1,3128 tag 1111 tcp from me to any
> ipfw add 250 pass all from 10.0.2.15 to any tagged 1111
>
> Unfortunately, the packets that originate from the squid server are redirected
> back to itself and I don't find a way to allow them to pass out.
>
> Does someone here have an idea?
>
> Regards,
>
> Ataro.

Hello,

Run the squid server as a separate user, and use the uid match pattern.

Cheers,
Thomás
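
The reply's suggestion written out as a rule set, as an added example that is not part of the original thread. It assumes squid runs as a dedicated account named `squid` (substitute the account from your own squid configuration); the function names and the `SQUID_USER` variable are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: squid runs as the dedicated
# account "squid" and listens on 127.0.0.1:3128 in intercept mode.

# Print the rule set, one ipfw command per line (without the leading "ipfw").
# Replies and other inbound traffic are left to the rest of the rule set.
squid_rules() {
    user="$1"
    cat <<EOF
-f flush
add 50 allow all from any to any via lo0
add 100 allow udp from any to any
add 150 allow icmp from any to any
add 190 allow tcp from me to any uid ${user}
add 200 fwd 127.0.0.1,3128 tcp from me to any
EOF
}

# Number of the first "add" rule whose text matches the regex in $2.
rule_number() {
    squid_rules "$1" | awk -v pat="$2" '$1 == "add" && $0 ~ pat { print $2; exit }'
}

# ipfw acts on the first matching rule, so the uid exemption for squid's own
# connections must be numbered below the fwd rule or it is never reached.
order_ok() {
    allow=$(rule_number "$1" " uid $1\$")
    fwd=$(rule_number "$1" " fwd ")
    [ -n "$allow" ] && [ -n "$fwd" ] && [ "$allow" -lt "$fwd" ]
}

# Load the rules (root on FreeBSD). Only runs when asked to.
apply_rules() {
    order_ok "$1" || { echo "uid rule must precede fwd rule" >&2; return 1; }
    squid_rules "$1" | while read -r rule; do
        # $rule is deliberately unquoted so it splits into ipfw arguments.
        /sbin/ipfw -q $rule || exit 1
    done
}

# Default is a dry run that prints the rules; "apply" loads them.
case "${1:-}" in
    apply) apply_rules "${SQUID_USER:-squid}" ;;
    *)     squid_rules "${SQUID_USER:-squid}" ;;
esac
```

Any process running under that account is exempt from the redirect, so the account should be used by squid only.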