[squid-users] Transparent Proxy and FreeBSD - please :-)

From: Vitor Renato Alves de Brito <vrbrito@dont-contact.us>
Date: Thu, 24 May 2001 09:20:50 -0300 (BRST)

*** big mail ***

Hi,

I'm having a problem with Transparent Proxy and FreeBSD.
I'm using Squid-2.4.STABLE1 and FreeBSD 4.3. I already read all the
possible documents at the Squid site and the FreeBSD site and I could not
solve my problem. Can anyone help me?

Well, first I changed these lines in the squid configure script:
from:
        case "$GCCVER" in
        2.95.[12])
to:
        case "$GCCVER" in
        2.95.[123])

then I ran
configure --enable-snmp --enable-ipf-transparent --enable-storeio=diskd,ufs --enable-err-language=Portuguese
make all
make install

My squid.conf:
http_port <proxyserverIP>:3128
hierarchy_stoplist cgi-bin ? & chat bate papo
acl QUERY urlpath_regex cgi-bin \? & chat bate papo
no_cache deny QUERY
cache_dir ufs /usr/local/squid/cache 100 16 256
reference_age 2 days
acl all src 0.0.0.0/0.0.0.0
acl mynet src <mynet>/<mymask>
acl mrtg src <mrtgIP>/255.255.255.255
acl snmppublic snmp_community community
http_access allow mynet
http_access deny all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
forwarded_for on
snmp_port 3401
snmp_access allow snmppublic mrtg
snmp_access deny all

I started squid with RunCache.

My FreeBSD box has 2 ethernet cards doing a bridge between the internal and
external networks, and only the internal card has an IP (the same IP used in
squid.conf).

The kernel was configured with the following options:

options TCP_COMPAT_42
options MROUTING
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options IPSTEALTH
options TCPDEBUG
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
options TCP_DROP_SYNFIN
options TCP_RESTRICT_RST
options ICMP_BANDLIM
options DUMMYNET
options BRIDGE

I have the following options set to 1:
net.link.ether.bridge=1
net.link.ether.bridge_ipfw=1
net.inet.ip.forwarding=1

My ipfw rules are the following:

# to prevent NO LOOP
ipfw add 4970 allow tcp from <proxyserver>/32 to any 80
# Redirect output port 80 to proxy server
ipfw add 4980 fwd <proxyserver>/32,3128 tcp from <mynet>:<mymask> to any 80

When I run "ipfw show" I see that the packets are passing through the 4980
rule. I also did log. But the 4970 rule always has a count of 0.

Squid is running OK when the browser is configured to access through the
proxy. But the transparent proxy is not OK.

Can anyone help me, please?

Thanks

See you later,

---
Vitor Renato Alves de Brito - System Manager
Arte Final Provedor Internet - http://www.artefinal.com.br
UOL Affiliated Provider - Alfenas/Lavras - Southern Minas Gerais
Received on Thu May 24 2001 - 06:29:24 MDT
