Re: How can I turn off port 80 on a transparent proxy?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 10 Sep 1998 01:23:49 +0200

Evan Jones wrote:

> I have found), you need to turn on the HTTPD Accelerator (httpd_accel
> virtual 80). Well that accelerator runs on port 80 of my firewalling

This does not move Squid to port 80, it tells Squid that it should
contact the origin servers on port 80. No acceleration is enabled by
simply adding this directive to squid.conf.

> That is bad for two reasons: Number one, because I want to be able
> to add an httpd to my firewalling machine in the future.
> Number two, because I don't want others being able to see the cache
> from the Internet, like they currently can.

Both these questions are from a bad ipfwadm ruleset. This is not a Squid
issue.

> So is this just a setup issue?

Yes. It is a transproxy setup issue in how you redirect the traffic to
Squid, or more explicitly: your ipfwadm rules.

> Do I need to be running transproxyd to
> achieve what I want?

No, transproxy is not needed. It does not change any of your problems.
Currently transproxyd is only needed by those that are running ipfilter,
which I assume you are not, as you said you are running Linux.

To do what you want you have to ensure two things.
1. That traffic that is intended for the local http server on this host
is not redirected to Squid. This is done by having non-redirecting accept
rules before your redirecting rule.
2. That only traffic generated from the inside is redirected to Squid.
This is done by limiting the redirection to your internal interface.

# Accept requests to this host
ipfwadm -I -a accept -D 24.64.68.156
ipfwadm -I -a accept -D 192.168.1.1
# Redirect other HTTP requests arriving from the inside
ipfwadm -I -a accept -P tcp -D 0/0 80 -r 3128 -V 192.168.1.1

---
Henrik Nordström
Sparetime Squid Hacker
Received on Thu Sep 10 1998 - 03:54:09 MDT
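The two conditions above (accept rules for the host's own addresses first, redirect bound to the internal interface with -V) as a small POSIX sh script. This is an added example, not code from the original message or from Squid; the addresses 24.64.68.156 and 192.168.1.1 and port 3128 are the ones from the posting, used here only as defaults, and check_rules is a hypothetical helper that inspects the generated rule lines before they are fed to ipfwadm, so that a reordered or interface-less redirect is caught before it exposes the cache to the outside.

```shell
#!/bin/sh
# Added example, not part of the original message or of Squid.
# Assumed addresses (from the posting, used as defaults only):
#   EXT_IP     Internet-facing address of the firewall host
#   INT_IP     internal address of the firewall host (its inside interface)
#   SQUID_PORT port Squid listens on
EXT_IP="${EXT_IP:-24.64.68.156}"
INT_IP="${INT_IP:-192.168.1.1}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Emit the ipfwadm input-chain rules, one per line, in the order they must be
# appended (-a appends, so the order printed is the order matched).
transproxy_rules() {
    # 1. Non-redirecting accepts for this host's own addresses come first, so a
    #    request for the firewall's own httpd is never handed to Squid.
    printf 'ipfwadm -I -a accept -D %s\n' "$EXT_IP"
    printf 'ipfwadm -I -a accept -D %s\n' "$INT_IP"
    # 2. Redirect the remaining port-80 traffic only when it arrives on the
    #    internal interface (-V), so nothing from the Internet side reaches
    #    the cache through the redirect.
    printf 'ipfwadm -I -a accept -P tcp -D 0/0 80 -r %s -V %s\n' \
        "$SQUID_PORT" "$INT_IP"
}

# Hypothetical sanity check over a ruleset read from stdin: every plain accept
# must precede the first redirecting (-r) rule, and every -r rule must be bound
# to an interface with -V. Returns 0 when the ruleset is acceptable, 1 otherwise.
check_rules() {
    seen_redirect=0
    while read -r line; do
        case "$line" in
            *" -r "*)
                seen_redirect=1
                case "$line" in
                    *" -V "*) ;;
                    *) echo "redirect rule not bound to an interface: $line" >&2
                       return 1 ;;
                esac ;;
            *)
                if [ "$seen_redirect" -eq 1 ]; then
                    echo "accept rule after redirect (shadowed): $line" >&2
                    return 1
                fi ;;
        esac
    done
    return 0
}

# Check the generated ruleset, then print it (DRY_RUN=1, the default) or
# execute it with ipfwadm (DRY_RUN=0, needs root on a 2.0-series kernel).
apply_rules() {
    transproxy_rules | check_rules || return 1
    if [ "${DRY_RUN:-1}" = "1" ]; then
        transproxy_rules
    else
        transproxy_rules | sh -e
    fi
}

# Usage:  . ./transproxy.sh && apply_rules
#         DRY_RUN=0 sh -c '. ./transproxy.sh && apply_rules'
```

The check only reads the generated text; it does not replace looking at the live chain with `ipfwadm -I -l`. Its point is the ordering the message insists on: once the redirect rule is in the chain, any accept for the host's own address appended after it is never reached for port 80.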

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:55 MST