Re: [squid-users] Re: Hide squid cache server IP

From: kodel <kodelz@dont-contact.us>
Date: Wed, 13 Jul 2005 20:08:15 +0700

This is what I have in my network
and I'm only using my local network for testing this configuration

Webserver : 192.168.2.10
Squid : 192.168.2.50
Client : 192.168.2.100

rc.conf
-------------
#enabling ipfilter
ipfilter_enable="YES"
ipnat_enable="YES"
ipmon_enable="YES"
ipfs_enable="YES"

ipfilter_rules="/etc/ipf.rules"
ipnat_rules="/etc/ipnat.rules"

gateway_enable="YES"
--------------

squid.conf
------------
cache_dir diskd /usr/local/squid/var/cache 200 16 256 Q1=64 Q2=72
acl our_networks src 192.168.2.0/24
http_access allow our_networks
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_port 80

acl client1 src 192.168.2.100/255.255.255.0
tcp_outgoing_address 10.0.0.1 client1
-------------

ipnat.rules
-------------
bimap rl0 from 10.0.0.1/32 to 0.0.0.0/0 port = 80 -> 192.168.2.100/32
--------------

And when I try to open the webserver page from the browser's client,
it just stands still.
I checked whether the NAT is already running, and this is what I get:
----------------
#ipnat -l
List of active MAP/Redirect filters:
bimap rl0 from 10.0.0.1/32 to any port = 80 -> 192.168.2.100/32

List of active sessions:
BIMAP 10.0.0.1 54081 <- -> 192.168.2.100 54081 [192.168.2.6 80]
----------------

Could you tell me what is wrong with my configuration?

Thanks

Abu Khaled wrote:
> On 7/12/05, kodel <kodelz@gmail.com> wrote:
>
>>Hi. Abu..
>>
>>After trying what you said in the previous email,
>>I'm using FreeBSD 5.3 and using ipnat.rules like you said before,
>>and using squid-2.5STABLE8 and opening port 80 at the 'http_port' in
>>squid.conf.
>>
>>When I try to have my client access the internet with this proxy, I found out
>>that it doesn't work. I tried to monitor the connection with 'ipnat -l'
>>and the NAT process is already taking place, but the browser client that
>>accesses the proxy just stays still.
>>
>>Is there any other way to monitor/debug the NAT process in FreeBSD
>>so I can make sure what is really happening?
>
>
> Can you provide the rules you used so we can have a look at them?
>
>
>>Oh yes, I almost forgot: can I combine
>>rdr --> which is used for intercepting proxy, and
>>bimap --> for transparent proxy
>>both on the same machine?
>
>
> I already did that (used rdr and bimap on the same machine).
> Again, what rules do you use to accomplish this?
>
>
>>What I'm trying to do is to redirect some clients to use the squid IP as
>>the outside IP and have some clients use their own public IP
>>(transparent mode)
>>
>>
>>Thanks
>>
>>
>>-rd-
>
>
Received on Wed Jul 13 2005 - 07:08:22 MDT