Re: [squid-users] Squid + IPFW on Mac OS X

From: donovan jeffrey j <donovan_at_beth.k12.pa.us>
Date: Mon, 4 Oct 2010 19:58:52 -0400

On Oct 4, 2010, at 3:34 PM, Haravikk wrote:

> Been bashing my brains out on this one for ages, but I'm going to have to admit defeat, as network stuff really isn't my thing.
>
> Basically, I'm installing Squid on my local machine, and want it to handle outgoing requests to a particular port, unfortunately the app in question (Second Life) does not support OS defined proxy servers, so I'm forced to try and redirect it. The only solution really is ipfw I think, I've already corrected for the weird OS X.6 issue with ipfw forwarding which now works as it should.
>
> I've compiled Squid3 with the ipfw transparent support that is required to use the intercept option.
>
> Configuration sets up Squid3 to listen on port 3128, and also to intercept on port 3178. This appears to work correctly.
>
> So now all I need is to set up an IPFW rule to direct traffic to 3178, and I've done the following:
>
> 100 fwd 127.0.0.1,3178 from any to any dst-port 12046
>
> However this seems to generate a loop whereby traffic from Second Life is routed to localhost:3178, but traffic from squid is also routed to the same address (itself!).
>
> I'm completely stumped on how I go about telling ipfw to only redirect messages from Second Life to port 12046, and allow requests from squid so that it can actually do its thing.
>
> Any help is greatly appreciated! I've bounced around various articles in Google to little avail, either I just don't understand what the solutions have been, or none of them are working for some reason because I'm missing a step somewhere.
>
> Thanks!
> Haravikk

Here is a sample of my ipfw script I run. If you would like to see the full-blown version, I can message off list.

#!/bin/sh

#Quietly flush out rules
/sbin/ipfw -q zero
/sbin/ipfw -q -f flush

#Set command prefix (add "-q" option after development to turn on quiet mode)
cmd="/sbin/ipfw -q add"
$cmd 507 fwd 10.0.2.3,3128 tcp from 10.149.0.0/16 to any dst-port 80 in recv en1
$cmd 508 fwd 10.0.2.3,3128 tcp from 10.150.0.0/16 to any dst-port 80 in recv en1
$cmd 509 fwd 10.0.2.3,3128 tcp from 10.151.0.0/16 to any dst-port 80 in recv en1
$cmd 510 fwd 10.0.2.3,3128 tcp from 10.152.0.0/16 to any dst-port 80 in recv en1
$cmd 511 fwd 10.0.2.3,3128 tcp from 10.153.0.0/16 to any dst-port 80 in recv en1
$cmd 512 fwd 10.0.2.3,3128 tcp from 10.142.0.0/16 to any dst-port 80 in recv en1
$cmd 513 fwd 10.0.2.3,3128 tcp from 10.140.0.0/16 to any dst-port 80 in recv en1
$cmd 514 fwd 10.0.2.3,3128 tcp from 10.104.0.0/16 to any dst-port 80 in recv en1

These are just network redirects to squid.
-j
osx H00t
Received on Mon Oct 04 2010 - 23:59:07 MDT
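
Added example, not part of the original thread or the poster's script: a dry-run generator for the kind of scoped fwd rules shown in the sample above (matched only on client traffic arriving on en1), plus one way to scope the single-machine rule from the question so the proxy's own connections are not redirected. The `uid` match being available in this ipfw build, the `squid` account name and `tcp` for port 12046 are assumptions.

```shell
#!/bin/sh
# Added example: prints ipfw commands instead of running them (dry run).
# Review the output, then pipe it to sh as root to apply it.
IPFW="/sbin/ipfw -q add"

# True if $1 is a decimal integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Gateway case (as in the reply): one rule per client subnet, matched only on
# packets that arrive on the client-facing interface. The proxy's own outbound
# requests are not "in recv $iface", so they never match and are not sent
# back to the proxy.
# usage: gateway_rules first_rule_no proxy_ip,port iface dst_port subnet...
gateway_rules() {
    n=$1 proxy=$2 iface=$3 dport=$4
    shift 4
    valid_port "$dport" || { echo "bad port: $dport" >&2; return 1; }
    for net in "$@"; do
        echo "$IPFW $n fwd $proxy tcp from $net to any dst-port $dport in recv $iface"
        n=$((n + 1))
    done
}

# Single-host case (as in the question): client and proxy share one machine,
# so there is no inbound interface to match on. Exclude the proxy's sockets
# by owner instead. Assumptions: Squid runs under its own account, this ipfw
# supports the "uid" option, and the redirected traffic is TCP.
# usage: local_rule rule_no proxy_port dst_port proxy_user
local_rule() {
    valid_port "$2" && valid_port "$3" || { echo "bad port" >&2; return 1; }
    echo "$IPFW $1 fwd 127.0.0.1,$2 tcp from any to any dst-port $3 out not uid $4"
}

# Constructed sample run: two of the reply's subnets, then the question's ports.
gateway_rules 507 10.0.2.3,3128 en1 80 10.149.0.0/16 10.150.0.0/16
local_rule 100 3178 12046 squid
```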
