On Mon, Sep 13, 2010 at 11:53 AM, Nathan Vidican <nat...@vidican.com> wrote:
>
> Hey all - I've been trying to implement a transparent proxy for all outgoing
> traffic to port 80 to forward to a proxy server. The problem is that the
> proxy itself resides on a different host than the forward rule does. Has
> anyone done something similar? Ideally I'd like to implement with ipfw, but
> not opposed to other suggestions?
>
> Internet -> firewall/gateway -> proxy server -> LAN/clients
>
> Where the firewall/gateway is the central router for multiple networks,
> including the public subnet which 'proxy server' gets its external IP for.
> So ideally I would like something along the lines of this (assuming the proxy
> server is running on 10.1.1.12:3128):
>
> ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.2.0/24 to any 80 via 10.1.2.254
> ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.3.0/24 to any 80 via 10.1.3.254
> ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.1.0/26 to any 80 via 10.1.1.1
>
> I have tried the identical rules to above using 127.0.0.1,3128 - of course
> starting up squid on the gateway machine too... the problem is that machine
> simply doesn't have the resources and I'd prefer to run squid on a different
> host.
>
> Any suggestions or referrals to RTFM somewhere would be greatly appreciated.
> Thanks.
>
> --
> Nathan Vidican
> nat...@vidican.com
>

Go figure, five minutes after posting I found what I needed in squid's
documentation. FYI in case anyone comes across this thread, what I had been
doing wrong was 'http_port 3128 transparent' should have been
'http_port 3128 intercept' instead.

See this link for more details:
http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdIpfw

--
Nathan Vidican
nat...@vidican.com
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"