Re: SV: transparent proxying/caching with freebsd

From: Clifton Royston <cliftonr@dont-contact.us>
Date: Mon, 20 Sep 1999 11:00:26 -1000

On Mon, Sep 20, 1999 at 10:07:09PM +0200, Dan Larsson wrote:
> > -----Original Message-----
> > From: Clifton Royston [SMTP:cliftonr@malasada.lava.net]
> > Sent: 20 September 1999 21:49
> > To: Dan Larsson
> > Cc: 'squid-users@ircache.net'
> > Subject: Re: transparent proxying/caching with freebsd
...
> > Which "both" sides are you talking about? It's unclear from your
> > question how the first (non-Squid) BSD machine comes into the picture at
> > all. If you're using it as a router with gated or a firewall host or
> > something like that, then it's an issue of using the routing or packet
> > redirection features of whatever software you're using on it.
>
> Both sides as in redirecting/forwarding box (machine A) and caching box
> (machine B)
>
> > If they can't do it, you may be able to use the NAT features of ipnat, which
> > is part of the IP filters package, but I'm not sure how ipnat would interact
> > with other software you might be running.
>
> Machine A is compiled with IPFIREWALL and IPFIREWALL_FORWARD running no
> routing daemons however enable_gateway is set to YES

I think then maybe you want to install the IP Nat and IP filters package on
machine A and run it with some IPNAT rules like this. The following needs
to be read in conjunction with the FAQ examples, especially 17.1, at
<http://www.squid-cache.org/Doc/FAQ/FAQ-17.html>:

Assume machine A is 10.2.3.4 and machine B is 10.2.3.5, then you want the
following in /etc/ipnat.rules:

        # Redirect direct web traffic to local web server.
        rdr de0 10.2.3.4/32 port 80 -> 10.2.3.4 port 80 tcp

        # Redirect everything else to squid on port 3128
        rdr de0 0.0.0.0/0 port 80 -> 10.2.3.5 port 3128 tcp

My one concern is whether this will actually end up forwarding the packets
back out after rewriting them. I think the IPFIREWALL_FORWARD and
enable_gateway will do this, but I've never tried a configuration like this.

  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr@lava.net
        "An absolute monarch would be absolutely wise and good.  
           But no man is strong enough to have no interest.  
             Therefore the best king would be Pure Chance.  
              It is Pure Chance that rules the Universe; 
          therefore, and only therefore, life is good." - AC
Received on Mon Sep 20 1999 - 15:11:05 MDT
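
Added example, not part of the original message and not IP Filter's own code: a small Python model of how the two rdr rules above classify traffic. It assumes first-match evaluation in file order and matching on interface, destination and port only, as the rule text is written; the sample packets and the addresses 10.9.9.9 and 192.0.2.10 are constructed.

```python
import ipaddress
import re

# The two rules from the message, in file order.
RULES = """
rdr de0 10.2.3.4/32 port 80 -> 10.2.3.4 port 80 tcp
rdr de0 0.0.0.0/0 port 80 -> 10.2.3.5 port 3128 tcp
"""

RDR = re.compile(
    r"rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)\s+(\w+)$"
)

def parse_rules(text):
    """Parse 'rdr if dst/mask port N -> ip port N proto' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RDR.match(line)
        if m is None:
            raise ValueError(f"unrecognised rule: {line!r}")
        ifname, dst, dport, to_ip, to_port, proto = m.groups()
        rules.append((ifname, ipaddress.ip_network(dst), int(dport),
                      (to_ip, int(to_port)), proto))
    return rules

def redirect(rules, ifname, src, dst, dport, proto="tcp"):
    """Return the rewritten (ip, port), or (dst, dport) if nothing matches.

    Assumption: the first matching rule wins. src is accepted but never
    consulted, because this rule form carries no source field.
    """
    for r_if, r_dst, r_port, target, r_proto in rules:
        if (r_if == ifname and r_proto == proto and r_port == dport
                and ipaddress.ip_address(dst) in r_dst):
            return target
    return (dst, dport)

if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Constructed sample packets: (interface, source, destination, port)
    for pkt in [("de0", "10.9.9.9", "10.2.3.4", 80),
                ("de0", "10.9.9.9", "192.0.2.10", 80),
                ("de0", "10.2.3.5", "192.0.2.10", 80),
                ("de0", "10.9.9.9", "192.0.2.10", 443)]:
        print(pkt, "->", redirect(rules, *pkt))
```

In this model the third sample, a request sourced from machine B itself, is rewritten back to 10.2.3.5 port 3128 if it arrives on de0, which is worth checking on the real box alongside the forwarding concern raised in the message.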
