On 1 Feb, Julian Elischer wrote:
= > We have a single firewall machine and a _separate_ machine running
= > squid proxy (both servers are on the same network wire).
= >
= > How do I catch all of the outgoing http requests and send them
= > through squid?
= >
= > I tried
= >
= > ipfw add fwd squid,3128 tcp from any to any http
= >
= > but it does not seem to work -- squid never gets contacted. All of
= > the recipes out there describe the setups with squid and the
= > firewall being on the same machine. What else do I need to do?
=
= I assume squid is the name of the other machine? You need to have the
= same rule in the ipfw on that machine too.
Yes. Ok. This is what I just added to the squid-machine:

ipfw add allow ip from any to any out
ipfw add fwd localhost,3128 log tcp from any to any 3128 in

= otherwise it will reflect the packet back at its original destination
= as it still has headers saying it wants to go there. (It's unaltered).

The firewall machine logs

ipfw: 3000 Forward to squid.ip:3128 TCP client.ip:3977 web.server.ip:80 in via dc0

But the client still talks to the web-server directly :( The squid's log
is quiet... Anything I'm missing? Perhaps, I need a user-space program
of some sort to run on the firewall to do the tunneling? Thanks!
-mi
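
An added example, not part of the original thread: a two-host rule layout that follows from the point above that ipfw fwd leaves the packet headers unaltered, so the rule on the squid host has to match the original destination port. The address 192.0.2.10, the variable names and the function names are placeholders chosen for this example; it assumes both kernels are built with IPFIREWALL_FORWARD and that squid is configured to accept intercepted requests.

```shell
#!/bin/sh
# Added example: rule sets for the firewall and for the separate squid host.
# Dry run by default (prints the commands); run with IPFW=ipfw to apply them.
IPFW="${IPFW:-echo ipfw}"
SQUID_IP="${SQUID_IP:-192.0.2.10}"    # constructed placeholder for the squid host
SQUID_PORT="${SQUID_PORT:-3128}"      # squid listener port, as in the thread

# Rules for the firewall machine.
firewall_rules() {
    # Squid's own fetches must pass first, or they are forwarded back to squid.
    $IPFW add allow tcp from "$SQUID_IP" to any 80
    # fwd only changes the next hop: the packet still carries web.server:80.
    # A port given after a non-local address is ignored, so none is given.
    $IPFW add fwd "$SQUID_IP" tcp from any to any 80
}

# Rules for the squid machine.
squid_host_rules() {
    # Packets arrive with their original destination port (80), so match on
    # that and hand the connection to the local squid listener.
    $IPFW add fwd "127.0.0.1,$SQUID_PORT" tcp from any to any 80 in
    $IPFW add allow ip from any to any out
}

# Usage: sh rules.sh firewall | sh rules.sh squid
case "${1:-}" in
    firewall) firewall_rules ;;
    squid)    squid_host_rules ;;
esac
```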