[EMAIL PROTECTED] wrote:
>
> On 1 Feb, Julian Elischer wrote:
> = > We have a single firewall machine and a _separate_ machine running
> = > squid proxy (both servers are on the same network wire).
> = >
> = > How do I catch all of the outgoing http requests and send them
> = > through squid?
> = >
> = > I tried
> = >
> = > ipfw add fwd squid,3128 tcp from any to any http
> = >
> = > but it does not seem to work -- squid never gets contacted. All of
> = > the recipes out there describe the setups with squid and the
> = > firewall being on the same machine. What else do I need to do?
> =
> = I assume squid is the name of the other machine? you need to have the
> = same rule in the ipfw on that machine too.
>
> Yes. Ok. This is what I just added to the squid-machine:
>
> ipfw add allow ip from any to any out
> ipfw add fwd localhost,3128 log tcp from any to any 3128 in
Do not change the port on the first machine. Maybe even better, do not
change the port at all, and let squid listen on port 80 also!
>
> = otherwise it will reflect the packet back at its original destination
> = as it still has headers saying it wants to go there. (It's unaltered).
>
> The firewall machine logs
>
> ipfw: 3000 Forward to squid.ip:3128 TCP client.ip:3977 web.server.ip:80 in via dc0
>
> But the client still talks to the web-server directly :( The squid's log
> is quiet... Anything I'm missing? Perhaps, I need a user-space program
> of some sort to run on the firewall to do the tunneling? Thanks!
IIRC, ipfw fwd to another machine does not change the TCP port number; that is why
I suggested the above.
Jonny
--
João Carlos Mendes Luís [EMAIL PROTECTED]
Networking Engineer [EMAIL PROTECTED]
Internet via Embratel [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
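A small model of the behaviour the thread hinges on, added here as an illustration (it is not ipfw code and not from any of the posters). It keeps only the property Jonny and Julian describe: `fwd` records a next hop for a matching packet and leaves the IP/TCP headers untouched, so when the packet reaches the squid host its own ipfw still sees dst port 80, never 3128, and a rule matching "to any 3128" is dead. The host addresses are constructed; the client source port 3977 is taken from the log line quoted above. It walks one client SYN through both machines for the rules as posted, for Jonny's first suggestion (keep port 80 on the firewall, redirect to localhost,3128 on the squid host), and for the "squid listens on 80" variant.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

# Constructed addresses for the hosts in the thread (assumptions, not from the page).
CLIENT, FIREWALL, SQUID_HOST, WEB = "10.0.0.50", "10.0.0.1", "10.0.0.2", "203.0.113.10"
SQUID_PORT, HTTP = 3128, 80


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    next_hop: Optional[Tuple[str, int]] = None  # set by fwd; headers stay as-is


@dataclass(frozen=True)
class Rule:
    action: str                                 # "allow" | "fwd" | "deny"
    dport: Optional[int] = None                 # None means "any"
    direction: Optional[str] = None             # "in" | "out" | None (either)
    target: Optional[Tuple[str, int]] = None    # fwd destination (ip, port)


def matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    if rule.direction not in (None, direction):
        return False
    return rule.dport in (None, pkt.dport)


def apply_chain(rules: List[Rule], pkt: Packet, direction: str) -> Optional[Packet]:
    """First matching rule wins, as in ipfw. fwd only records a next hop."""
    for rule in rules:
        if not matches(rule, pkt, direction):
            continue
        if rule.action == "fwd":
            return replace(pkt, next_hop=rule.target)   # dst/dport unchanged
        if rule.action == "deny":
            return None
        return pkt                                      # allow
    return pkt   # model default: pass


def local_delivery(host_ip: str, pkt: Packet) -> Optional[Tuple[str, int]]:
    """Socket the host hands the packet to, or None if it just routes it onward."""
    if pkt.next_hop and pkt.next_hop[0] in (host_ip, "localhost", "127.0.0.1"):
        return (host_ip, pkt.next_hop[1])
    if pkt.dst == host_ip:
        return (host_ip, pkt.dport)
    return None


def trace(firewall_rules: List[Rule], squid_rules: List[Rule]) -> str:
    """Follow one client HTTP SYN through both hosts; return who finally gets it."""
    pkt = apply_chain(firewall_rules, Packet(CLIENT, 3977, WEB, HTTP), "in")
    if pkt is None:
        return "dropped at firewall"
    if not pkt.next_hop or pkt.next_hop[0] != SQUID_HOST:
        return f"web:{pkt.dport}"          # routed straight to the web server
    # The squid host receives the ORIGINAL headers (dst=WEB:80). The fwd port
    # chosen on the firewall was only a next-hop choice and is gone here.
    pkt = apply_chain(squid_rules, replace(pkt, next_hop=None), "in")
    if pkt is None:
        return "dropped at squid host"
    sock = local_delivery(SQUID_HOST, pkt)
    return f"squid:{sock[1]}" if sock else f"web:{pkt.dport}"


def posted_setup() -> str:
    """Rules as posted: firewall 'fwd squid,3128 ... http', squid host matches port 3128."""
    return trace([Rule("fwd", HTTP, None, (SQUID_HOST, SQUID_PORT))],
                 [Rule("allow", None, "out"),
                  Rule("fwd", SQUID_PORT, "in", ("localhost", SQUID_PORT))])


def corrected_setup() -> str:
    """Firewall leaves port 80 alone; squid host redirects port 80 to localhost,3128."""
    return trace([Rule("fwd", HTTP, None, (SQUID_HOST, HTTP))],
                 [Rule("allow", None, "out"),
                  Rule("fwd", HTTP, "in", ("localhost", SQUID_PORT))])


def squid_on_80_setup() -> str:
    """Squid itself listens on 80; squid host pulls port-80 traffic to its own socket."""
    return trace([Rule("fwd", HTTP, None, (SQUID_HOST, HTTP))],
                 [Rule("fwd", HTTP, "in", ("localhost", HTTP))])


if __name__ == "__main__":
    for name, fn in (("posted", posted_setup), ("corrected", corrected_setup),
                     ("squid on 80", squid_on_80_setup)):
        print(f"{name:12s} -> {fn()}")
```

The posted rule set ends with the packet leaving the squid host for the web server, which is exactly the "squid's log is quiet" symptom; the other two end at a local squid socket. Real ipfw has many more match fields and a default-deny last rule, which the model deliberately omits.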