Re: FreeBSD question

From: Clifton Royston <cliftonr@dont-contact.us>
Date: Mon, 13 Mar 2000 11:21:08 -1000

On Mon, Mar 13, 2000 at 04:00:59PM -0500, Sean Lutner wrote:
> Ahsan Khan wrote:
>
> The machine in question IS the firewall, it is not behind it.
...
> > > I'm new to this list and have a few (simple I hope) questions regarding
> > > squid under FreeBSD. I've scoured the FAQ and list archive for specifics
> > > on my situation but have found nothing that helps.
> > >
> > > Here's the setup...
> > >
> > > I'm setting out to have a transparent proxy/cache squid server running.
> > > The machine I intend to put it on is also the firewall/nat/dns/dhcp
> > > server for our office. All the traffic outbound from the office is
> > > coming from a private RFC1918 network (192.168.x.x). There are two
> > > interfaces on the machine and everything gets redirected out.
> > >
> > > I found a few firewall (ipfw) rules and a kernel option and tried them
> > > out, but when I started up squid with the new ipfw rules no one could
> > > get anywhere on port 80.
> > >
> > > Here are the two rules...
> > > $fwcmd add 49 allow tcp from 192.168.1.1 to any
> > > $fwcmd add 50 fwd 127.0.0.1 tcp from any to any 80

I believe on FreeBSD you will have to switch to using the ipnat and ip
filter package, instead of ipfw.

If you go through the FAQ sec 17 (Transparent Caching/Proxying) you
should see reference to ipfilter being required for squid under *BSD;
it's not enough to build it in to squid as an option, I think you have
to use it for your redirection. Also, do make sure you're using all
the required squid.conf options as listed there.

See <http://www.squid-cache.org/Doc/FAQ/FAQ-17.html>, especially the
beginning (17 and 17.1), and Duane Wessels' section on FreeBSD
<http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.6>

  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr@lava.net
      The named which can be named is not the Eternal named.
Received on Mon Mar 13 2000 - 14:24:35 MST
