Re: [squid-users] Problems with transparancy and pf

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 30 Mar 2011 02:05:56 +1300

On 30/03/11 02:04, Amos Jeffries wrote:
> On 30/03/11 00:58, Leslie Jensen wrote:
>>
>>
>> On 2011-03-29 13:47, Amos Jeffries wrote:
>>> On 30/03/11 00:20, Indunil Jayasooriya wrote:
>>>>> I've now installed FreeBSD 8.2-RELEASE on new hardware and I'm using my
>>>>> config from the 7.2 machine.
>>>>>
>>>>> My problem is that squid is not working with transparency. The browser
>>>>> traffic goes directly to the Internet.
>>>>>
>>>>
>>>> If you are doing this with PF, can I have your PF rules?
>>>>
>>>> I am doing Squid 2.7.9 transparent with OpenBSD 4.8.
>>>>
>>>>
>>>> These are my PF rules.
>>>>
>>>>
>>>> # filter rules
>>>> block in log
>>>> pass out log
>>>>
>>>>
>>>> pass in log on $int_if proto tcp from $lan_net to any port { 80 8080 } \
>>>>     rdr-to 127.0.0.1 port 3128
>>>>
>>>>
>>>> in squid.conf file
>>>>
>>>> http_port 3128 transparent
>>>>
>>>>
>>>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>>>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>>>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>>>>
>>>> http_access allow localnet
>>>>
>>>
>>> It's worth noting the whole intercept section underwent a code change to
>>> make the NAT lookups run-time selected. At the time care was taken not
>>> to change the lookup sequence, but even so mistakes were found. There
>>> were also outstanding reports that some were badly broken before the
>>> change (doing the lookups completely backward so "myip" ACL matched the
>>> remote client).
>>>
>>> I have not had anyone report either "works" or "fails" for IPFW,
>>> IPFILTER or PF on the 3.1.10 or later releases.
>>>
>>> I believe the other modules work due to people using them successfully.
>>>
>>> FWIW; in theory you should be able to build Squid
>>> with them all enabled and whichever your system provides will be used.
>>>
>>> Amos
>>
>> Thank you Amos.
>>
>> Would you suggest that I revert to 3.0 or even 2.7?
>>
>
> For the immediate result I think you should use 2.7, check that the PF
> side of things is fine.
> When you have confirmed a PF setup with 2.7 as working, please try 3.1
> again.
> I would like to know the result of that (good or bad are both useful)
> and if you are able to help debug any bad results to get 3.1 fixed that
> would be extra great.

Meh, nix this. See Kevin's response. 3.1 works :)

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Tue Mar 29 2011 - 13:06:06 MDT
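
Added example, not part of the original thread or of Squid: a small Python check that the port PF redirects web traffic to matches a Squid `http_port` carrying the `transparent` (2.x/3.0) or `intercept` (3.1+) flag. The sample configs are constructed from the rules quoted above, the function names are hypothetical, and support for the older `rdr ... ->` PF syntax goes beyond the OpenBSD 4.8 rule shown in the thread.

```python
import re

# Constructed sample configs, modelled on the rules quoted in the thread.
PF_CONF = """\
pass out log
pass in log on $int_if proto tcp from $lan_net to any port { 80 8080 } \\
    rdr-to 127.0.0.1 port 3128
"""
SQUID_CONF = """\
http_port 3128 transparent
acl localnet src 192.168.0.0/16
"""

def logical_lines(text):
    """Join backslash continuations, strip '#' comments and blank lines."""
    joined = text.replace("\\\n", " ")
    lines = (ln.split("#", 1)[0].strip() for ln in joined.splitlines())
    return [ln for ln in lines if ln]

def pf_redirect_ports(pf_text):
    """Local ports PF redirects to: 'rdr-to' (OpenBSD 4.7+) or older 'rdr ... ->'."""
    ports = set()
    for ln in logical_lines(pf_text):
        if "rdr-to" in ln or ln.startswith("rdr "):
            m = re.search(r"(?:rdr-to|->)\s+\S+\s+port\s+(\d+)", ln)
            if m:
                ports.add(int(m.group(1)))
    return ports

def squid_intercept_ports(squid_text):
    """Ports whose http_port line carries 'transparent' or 'intercept'."""
    ports = set()
    for ln in logical_lines(squid_text):
        f = ln.split()
        if f[0] == "http_port" and len(f) > 2 and {"transparent", "intercept"} & set(f[2:]):
            ports.add(int(f[1].rsplit(":", 1)[-1]))  # accepts "ip:port" too
    return ports

def check(pf_text, squid_text):
    """Return findings; an empty list means redirect and listener agree."""
    pf, sq = pf_redirect_ports(pf_text), squid_intercept_ports(squid_text)
    if not pf:
        return ["no PF redirect rule found: web traffic is not sent to the proxy"]
    out = [f"PF redirects to port {p}, but no Squid interception port listens there"
           for p in sorted(pf - sq)]
    out += [f"Squid intercepts on port {p}, but no PF rule redirects to it"
            for p in sorted(sq - pf)]
    return out

if __name__ == "__main__":
    print(check(PF_CONF, SQUID_CONF) or "OK")
```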