[squid-users] FreeBSD 4.9 as a gateway and transparent squid to another box scenario.

From: <evansg@dont-contact.us>
Date: Thu, 21 Oct 2004 21:11:02 +0300

Hello,
I have the following problem.
I use FreeBSD 4.9 as a gateway. Also I have a Solaris server with the latest
squid as a transparent proxy.

I have an fxp0 interface connected to a Cisco router and a bge0 interface
connected to a switch. (It's a layer 3 switch doing inter-VLAN routing.)

The problem is that when I try to tell FreeBSD's ipnat or ipfw (I have tried
both of them) to redirect all the port 80 traffic to squid's port 8080, NOTHING
happens.

I have seen that the problem occurs only when the squid proxy and my workstations
are connected to the same FreeBSD interface (fxp0). Maybe FreeBSD loops the
traffic back to the squid proxy and this continues all the time... When I connect
squid to another interface such as fxp1, everything seems OK (transparency works perfectly).

This DOES NOT WORK
                                             |---------|----------squid proxy
ROUTER <---fxp0-> |FREEBSD| <-bge0---------->| switch |------workstation2
                                             |---------|---workstation1

This WORKS

                                             |---------|
ROUTER <---fxp0-> |FREEBSD| <-bge0---------->| switch |------workstation2
                      |                      |---------|---workstation1
                      |
                     fxp1
                      |
                      |
                   squid proxy

I have tried to exclude the squid IP but this had no effect. The same problem occurs...

I use

ipfw add fwd squid_ip,8080 tcp from any to any 80

or

ipfw add fwd squid_ip,8080 tcp from ! squid_ip to any 80

or

ipfw add fwd squid_ip,8080 tcp from workstation1_ip to any 80

or

rdr xl0 0.0.0.0/0 port 80 -> squid_ip port 8080 tcp

The question is: Can I connect the squid proxy to the same interface and not loop
from FreeBSD back to the squid proxy?
Also I have to say that when I use FreeBSD itself as a transparent squid (I redirect web
traffic to 127.0.0.1:8080), everything works perfectly.

I would appreciate any help with my problem.

Thanks a lot,

Vangelis Souglakos
Received on Thu Oct 21 2004 - 12:11:06 MDT