At 14/02/2003, P. U. Kruppa wrote:
On Thu, 13 Feb 2003, Dancho Penev wrote:
> On Thu, Feb 13, 2003 at 06:44:24PM +0100, P. U. Kruppa wrote:
> >Date: Thu, 13 Feb 2003 18:44:24 +0100 (CET)
> >From: [EMAIL PROTECTED] (P. U. Kruppa)
> >To: [EMAIL PROTECTED]
> >Subject: squid and ipfw ... fwd ...
> >
> >Hi!
> >
> >I am trying to set up a transparent proxy with Squid.
This should work: Squid on port 3128 on the gateway of the intranet.

# Transparent Proxy -- ipfw (before divert rules) ....
${ipfwcmd} 0045 pass tcp from ${MY_EXTERNAL_IP} to any 80
${ipfwcmd} 0049 fwd 127.0.0.1,3128 tcp from any to any 80

--> minimal squid.conf

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_dir null /tmp
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
ftp_user squid@
ftp_passive off
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl yournet src ${YOUR_NET_CLASS}
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow yournet
http_access deny all
Please let me know...
Best Regards,
Gianmarco Giovannelli , "Unix expert since yesterday"
http://www.gufi.org/~gmarco
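
Added example, not part of the original message: a small check of the http_access section of a squid.conf like the one above. It reports rules that name an undefined ACL, an unconditional "allow all", and a rule list that does not end in "deny all". The function name lint_http_access and the sample network address are assumptions made for the illustration; the sample puts an address where an ACL name belongs so that the check has something to report.

```python
# Added example: lint the http_access rules of a squid.conf-style text.
# http_access takes ACL *names*; rules are evaluated in order, first match wins.

# Constructed sample input, modelled on the minimal config in the message.
# The network 192.168.1.0/255.255.255.0 is a made-up value.
SAMPLE = """\
http_port 3128
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
acl yournet src 192.168.1.0/255.255.255.0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow 192.168.1.0/255.255.255.0
http_access deny all
"""

def lint_http_access(conf_text):
    """Return a list of (line_number, message) findings; line 0 = whole file."""
    defined, rules, findings = set(), [], []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) >= 3 and fields[0] == "acl":
            defined.add(fields[1])                  # remember the ACL name
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((num, fields[1], fields[2:]))
    for num, action, names in rules:
        for name in names:
            if name.lstrip("!") not in defined:     # "!" negates an ACL
                findings.append((num, f"undefined ACL '{name}'"))
        if action == "allow" and names == ["all"]:
            findings.append((num, "allows every client (open proxy)"))
    # Without a final catch-all, Squid's default is the opposite of the last rule.
    if not rules or rules[-1][1:] != ("deny", ["all"]):
        findings.append((0, "http_access list does not end with 'deny all'"))
    return findings

if __name__ == "__main__":
    for num, msg in lint_http_access(SAMPLE):
        print(f"line {num}: {msg}")
```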