From what I believe, I'm attempting to do something that has most likely been achieved before, but there is something that I'm missing. This is for my personal home setup.

I've built a flash-based CPE, which connects to our DSL network with mpd5. I've enabled NAT, and am using IPFW as the packet filter. I have a Squid proxy/content filter at my office that I would like to route all 80/443 traffic from my home connection, through the proxy. The proxy and the termination point of my home connection are located in two different PoPs, within different ASs. My desire is to have this proxy-routing enabled within the network hardware, as to not need to set application layer details on the PC(s) at home.

At this point, I have the FBSD (7.2) gateway device set up with an SSH tunnel. The local tunnel endpoint terminates on a LAN interface which utilizes 1918 space. It listens for traffic on 172.16.250.1:80, and forwards it to the proxyIP:8080. When I configure a workstation's Firefox to use 172.16.250.1:80 as a proxy, everything works as expected. Now, I need to figure out a way so that the same setup will work, but with no proxy configured within Firefox.

At this time, I'm recompiling the kernel on the gateway device to include IPFIREWALL_FORWARD. I'm going to try a fwd rule to pass all traffic destined to *:80 to 172.16.250.1:80, in hopes that the traffic will be first redirected to itself, and therefore through the SSH tunnel to the proxy. My past experience with this however, is that FBSD will complain that the dst IP doesn't reside on the box.

Does anyone have any suggestions or comments they can share regarding such a setup?

Steve