On 1 Feb, Julian Elischer wrote:
= > We have a single firewall machine and a _separate_ machine running
= > squid proxy (both servers are on the same network wire).
= >
= > How do I catch all of the outgoing http requests and send them
= > through squid?
= > 
= > I tried
= > 
= >         ipfw add fwd squid,3128 tcp from any to any http
= > 
= > but it does not seem to work -- squid never gets contacted. All of
= > the recipes out there describe the setups with squid and the
= > firewall being on the same machine. What else do I need to do?
= 
= I assume squid is the name of the other machine? You need to have the
= same rule in the ipfw on that machine too.

Yes. Ok. This is what I just added to the squid-machine:

        ipfw add allow ip from any to any out
        ipfw add fwd localhost,3128 log tcp from any to any 3128 in

= otherwise it will reflect the packet back at its original destination
= as it still has headers saying it wants to go there. (It's unaltered).

The firewall machine logs

ipfw: 3000 Forward to squid.ip:3128 TCP client.ip:3977 web.server.ip:80 in via dc0

But the client still talks to the web-server directly :( The squid's log
is quiet... Anything I'm missing? Perhaps, I need a user-space program
of some sort to run on the firewall to do the tunneling? Thanks!

        -mi
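
An added example, not part of the original thread: a small Python model of the behaviour the quoted reply describes, where fwd changes only the next hop and leaves the packet headers untouched. The class and function names are hypothetical, and the model assumes the squid machine routes unmatched packets onward to their original destination.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int            # destination port in the TCP header

@dataclass(frozen=True)
class FwdRule:
    match_dport: int      # destination port the rule matches on
    next_hop: str         # address given to "fwd"
    port: int             # port given to "fwd" (only used for a local next hop)

def process(host, rules, pkt):
    """First matching fwd rule wins; the packet itself is never rewritten.

    Returns (where the packet goes next, local port or None)."""
    for r in rules:
        if pkt.dport == r.match_dport:
            if r.next_hop == host:
                return (host, r.port)   # local next hop: handed to the local listener
            return (r.next_hop, None)   # remote next hop: port ignored, headers unchanged
    # Assumption: no match means the host routes toward the original destination.
    return (pkt.dst, None)

def trace(squid_rules, pkt):
    """Follow one packet through the firewall, then through the squid machine."""
    # Firewall rule from the thread: fwd squid,3128 tcp from any to any http
    hop, port = process("firewall", [FwdRule(80, "squid", 3128)], pkt)
    path = [hop]
    if hop == "squid":
        hop, port = process("squid", squid_rules, pkt)
        path.append(hop if port is None else f"{hop}:{port}")
    return path

if __name__ == "__main__":
    # Constructed packet, using the placeholder names from the firewall log line.
    pkt = Packet("client.ip", "web.server.ip", 80)
    # Matching on port 3128 never fires: the header still says port 80.
    print(trace([FwdRule(3128, "squid", 3128)], pkt))
    # Matching on port 80 (the "same rule"), e.g. as an assumed rule
    #   ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in
    print(trace([FwdRule(80, "squid", 3128)], pkt))
```
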



