On Tuesday 17 June 2003 02.21, Andrew Thomson wrote:
> my first question relates to the --enable-ipf-transparent
>
> do I need it on freebsd 5.0??
You always need one of the transparent configure options. Which one
you need varies with platform and interception method used.
> if I try and compile it with this setting i get the following
> configure output.
> checking if IP-Filter header files are installed... no
> WARNING: Cannot find necessary IP-Filter header files
> Transparent Proxy support WILL NOT be enabled
>
> However my kernel is compiled with firewall support.
It is possible FreeBSD 5.0 has changed the firewall implementation and
no longer is using IP-Filter.
> I'm also running a setup where I have a freebsd firewall which will
> fwd the packets to the freebsd squid server.
In such case you should do the redirection by routing, not NAT. Squid
needs to run on the same box which performs the NAT to be able to
derive the original destination address. If you NAT on a separate box
then this information will be hidden from the proxy box, making it
impossible for Squid to query the system what the original
destination IP address was.
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Tue Jun 17 2003 - 01:48:25 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:23 MST