Quoting Ryan Rathje <[EMAIL PROTECTED]>:

Here's my FreeBSD setup

Nic1 -> outside (123.456.789.10)
Nic2 -> internal (192.168.1.2)

Here's my client Win2k setup

IP: 192.168.1.5
MASK: 255.255.255.0
GW: 192.168.1.2

-------------------------------------

I have FreeBSD 5.3 installed with the modified kernel options

options         IPFILTER
options         IPFILTER_LOG
options         NMBCLUSTERS=32768
options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPFIREWALL_DEFAULT_TO_ACCEPT

in a machine with 2 NICs (NIC1 -> outside work; NIC2 -> internal network
(192.168.1.2)).  I configured Squid with the ARG --enable-ipf-transparent, and
this is what my options (/var/db/ports/squid/) file looks like for configuring Squid:

# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for squid-2.5.10_1
_OPTIONS_READ=squid-2.5.10_1
WITHOUT_SQUID_LDAP_AUTH=true
WITHOUT_SQUID_DELAY_POOLS=true
WITHOUT_SQUID_SNMP=true
WITHOUT_SQUID_CARP=true
WITHOUT_SQUID_SSL=true
WITH_SQUID_PINGER=true
WITHOUT_SQUID_DNS_HELPER=true
WITHOUT_SQUID_HTCP=true
WITHOUT_SQUID_VIA_DB=true
WITHOUT_SQUID_CACHE_DIGESTS=true
WITH_SQUID_WCCP=true
WITH_SQUID_UNDERSCORES=true
WITH_SQUID_CHECK_HOSTNAME=true
WITHOUT_SQUID_STRICT_HTTP=true
WITH_SQUID_IDENT=true
WITHOUT_SQUID_USERAGENT_LOG=true
WITHOUT_SQUID_ARP_ACL=true
WITHOUT_SQUID_PF=true
WITH_SQUID_IPFILTER=true
WITH_SQUID_FOLLOW_XFF=true
WITHOUT_SQUID_AUFS=true
WITHOUT_SQUID_COSS=true
WITHOUT_SQUID_LARGEFILE=true
WITHOUT_SQUID_STACKTRACES=true
WITH_SQUID_RCNG=true

In the squid.conf file I've made (what I think) are the appropriate changes:

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

and lastly, this is what my rc.conf looks like:

hostname="Gohan"

squid_enable="YES"

firewall_enable="YES"
firewall_type="open"
firewall_quiet="NO"
firewall_logging="YES"

# IPFILTER enabled
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""

ipfw add allow all from any to 192.168.1.2 80
ipfw add fwd 192.168.1.2 tcp from any to 192.168.1.2 3128
ipfw add fwd 192.168.1.2,3128 tcp from any to any 80,82,3128 out recv 192.168.1.2 xmit 129.186.215.57


At one time I did that with IPFW; I have found pf much easier to set up. Take a look at http://www.benzedrine.cx/transquid.html if you are interested.

ed
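
Added example, not part of the original thread: a pf.conf fragment for the pf approach suggested in the reply, using the 192.168.1.0/24 addressing from the question and limiting interception to LAN clients on the internal NIC so the proxy is not reachable from outside. The interface names fxp0/fxp1 are assumptions, and Squid would need to be rebuilt with pf support (the options file above has WITHOUT_SQUID_PF=true) and listening on 127.0.0.1:3128.

```conf
# pf.conf fragment (added example; interface names are hypothetical)
ext_if  = "fxp0"              # assumed name of Nic1, the outside interface
int_if  = "fxp1"              # assumed name of Nic2, 192.168.1.2
lan_net = "192.168.1.0/24"    # internal network from the question

# Translation: intercept only HTTP arriving on the internal NIC from
# LAN clients and hand it to the local Squid listener.
rdr on $int_if inet proto tcp from $lan_net to any port 80 -> 127.0.0.1 port 3128

# Filtering: never accept proxy connections from the outside interface,
# and log any attempt so it shows up on the pflog interface.
block in log on $ext_if inet proto tcp from any to any port 3128

# Allow the redirected LAN connections to reach Squid.
pass in on $int_if inet proto tcp from $lan_net to 127.0.0.1 port 3128 keep state

# Allow Squid's own outbound fetches to origin web servers.
pass out on $ext_if inet proto tcp from any to any port 80 keep state
```

Load the rules with pfctl -f /etc/pf.conf and review them with pfctl -sn (translation) and pfctl -sr (filter).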

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net