Re: FreeBSD question

From: Sean Lutner <slutner@dont-contact.us>
Date: Mon, 13 Mar 2000 16:45:59 -0500

Clifton Royston wrote:
>
> On Mon, Mar 13, 2000 at 04:00:59PM -0500, Sean Lutner wrote:
> > Ahsan Khan wrote:
> >
> > The machine in question IS the firewall, it is not behind it.
> ...
> > > > I'm new to this list and have a few (simple I hope) questions regarding
> > > > squid under FreeBSD. I've scoured the FAQ and list archive for specifics
> > > > on my situation but have found nothing that helps.
> > > >
> > > > Here's the setup...
> > > >
> > > > I'm setting out to have a transparent proxy/cache squid server running.
> > > > The machine I intend to put it on is also the firewall/nat/dns/dhcp
> > > > server for our office. All the traffic outbound from the office is
> > > > coming from a private RFC 1918 network (192.168.x.x). There are two
> > > > interfaces on the machine and everything gets redirected out.
> > > >
> > > > I found a few firewall (ipfw) rules and a kernel option and tried them
> > > > out, but when I started up squid with the new ipfw rules no one could
> > > > get anywhere on port 80.
> > > >
> > > > Here are the two rules...
> > > > $fwcmd add 49 allow tcp from 192.168.1.1 to any
> > > > $fwcmd add 50 fwd 127.0.0.1 tcp from any to any 80
>
> I believe on FreeBSD you will have to switch to using the ipnat and ip
> filter package, instead of ipfw.
>
> If you go through the FAQ sec 17 (Transparent Caching/Proxying) you
> should see reference to ipfilter being required for squid under *BSD;
> it's not enough to build it in to squid as an option, I think you have
> to use it for your redirection. Also, do make sure you're using all
> the required squid.conf options as listed there.
>
> See <http://www.squid-cache.org/Doc/FAQ/FAQ-17.html>, especially the
> beginning (17 and 17.1), and Duane Wessels' section on FreeBSD
> <http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.6>

Uhhh....right in that section of the FAQ it tells you to use ipfw. The
issues were with older versions of FreeBSD. I read the FAQ several
times.

>
> -- Clifton
>
> --
> Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net
> The named which can be named is not the Eternal named.

Received on Mon Mar 13 2000 - 14:47:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:05 MST
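Added example, not code from the thread or from the Squid FAQ: an ipfw ruleset for running squid as a transparent proxy on the FreeBSD firewall itself, in the same `$fwcmd add 49/50` style as the rules quoted above. The interface name (ed1), the LAN network (192.168.1.0/24), the squid port (3128) and the default dry-run mode are assumptions. The point it makes is that the fwd rule is scoped to packets arriving on the inside interface from the LAN network, so the firewall's own outbound port-80 connections (squid's fetches leave through the outside interface, with that interface's address as source, so an `allow ... from 192.168.1.1` rule never sees them) are not forwarded back to 127.0.0.1. The kernel needs `options IPFIREWALL` and `options IPFIREWALL_FORWARD` for `fwd` to work, and the squid.conf fragment lists the squid 2.x directives FAQ 17.1 requires.

```shell
#!/bin/sh
# Added example (not from the thread): ipfw rules for squid as a transparent
# proxy ON the FreeBSD firewall. Interface, network and port are assumptions.
# Kernel must be built with options IPFIREWALL and IPFIREWALL_FORWARD.

fwcmd="${FWCMD:-echo}"          # dry run by default; FWCMD=/sbin/ipfw applies the rules
inside_if="ed1"                 # LAN interface (assumption)
inside_net="192.168.1.0/24"     # RFC 1918 office network (assumption)
squid_port="3128"               # must match http_port in squid.conf (assumption)

# Emit the transparent-proxy rules. The fwd rule only matches packets that
# ARRIVE on the LAN interface, so the firewall's own outbound port-80
# connections are never forwarded back to 127.0.0.1 (no redirect loop).
# Rule numbers follow the thread's 49/50 convention; "me" is ipfw's keyword
# for any address configured on this host.
proxy_rules() {
    $fwcmd add 49 allow tcp from me to any 80
    $fwcmd add 50 fwd 127.0.0.1,$squid_port tcp from $inside_net to any 80 in via $inside_if
    # explicit (non-transparent) proxy clients on the LAN
    $fwcmd add 51 allow tcp from $inside_net to me $squid_port in via $inside_if
}

# Return success only for a fwd rule scoped to the LAN network and the inside
# interface. An unscoped "from any to any 80" forwards everything, the
# firewall's own traffic included.
fwd_rule_is_scoped() {
    case "$1" in
        *" fwd "*"from $inside_net to any 80 in via $inside_if"*) return 0 ;;
        *) return 1 ;;
    esac
}

# squid.conf directives the FAQ requires for transparent operation (squid 2.x).
squid_conf_fragment() {
    cat <<EOF
http_port $squid_port
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
}

proxy_rules
```

Run it as-is to see the rules it would install; run it with `FWCMD=/sbin/ipfw` on the firewall to apply them. If squid is started with `http_port 80` instead of 3128, drop the `,$squid_port` suffix from rule 50 so the original destination port is kept.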