Re: [squid-users] FreeBSD

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 15 Aug 2013 00:25:54 -0700

On 2013-08-14 23:18, John Hay wrote:
> On Wed, Aug 14, 2013 at 10:13:13PM -0300, Reginaldo Giovane Guaitanele wrote:
>> 2013/8/14 Amos Jeffries <squid3_at_treenet.co.nz>:
>> > On 2013-08-14 13:21, Reginaldo Giovane Guaitanele wrote:
>> >>
>> >> I am not able to use tproxy on FreeBSD.
>> >>
>> >> Does anyone know which rules to use in ipfw or pf to make it work with tproxy?
>> >
>> >
>> > TPROXY on FreeBSD requires Squid-3.4 beta version and IPFW tool (FreeBSD
>> > version of PF does not support TPROXY).
>> > I'm not sure which rules IPFW requires, TPROXY implementations tend to use
>> > the wording "divert" to describe it separately from NAT 'redirect'/'forward'
>> > rules.
>> >
>> > Amos
>> >
>>
>> I have already compiled Squid-3.4 beta on FreeBSD 9.1 with TPROXY
>> support.
>> But I still do not know how to divert traffic to Squid with IPFW.
>
> What is different between TPROXY and --enable-ipfw-transparent or TP_IPFW
> as it is called in the FreeBSD port Makefile? I have been using this via
> the "Enable transparent proxying with IPFW" option in the FreeBSD Makefile
> for years.

There is no difference with that part of the interception system. For
FreeBSD the changes are on the outgoing side where sockets have BINDANY
behaviour enabled and Squid is permitted to bind with any of the
existing connections' client IPs.

> The version of squid I'm currently using is 3.2.5 and in its
> config I use:
>
> http_port 127.0.0.1:3000 transparent
>
> and then in ipfw I use
>
> ${fwcmd} add 11300 fwd 127.0.0.1,3000 tcp from 10.0.0.0/8 to any 80
>

I don't think there is any difference with the IPFW rule.

For the squid.conf you set "tproxy" instead of "transparent" which is
currently performing NAT-like behaviour for you.

Amos
Received on Thu Aug 15 2013 - 07:25:59 MDT
