transparent proxy on FreeBSD with squid and ipfw

Thu, 23 Jan 2003 12:13:18

I know there were many posts about squid and transparent proxy but I still
have a problem. I have installed squid-2.4_10 on FreeBSD 4.7_STABLE; it's
working ok when I configure my browser to use the proxy, but when no proxy is
selected in the browser no sites are displayed. I'm trying to use squid as a
cache for my network; make is done with prefixes:
in my squid.conf:
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_header on
and ipfw rules are:
ipfw add 40 allow tcp from EXT_INTERFACE to any
ipfw add 50 allow tcp from any to any setup
ipfw add 60 fwd,3128 tcp from INT_INTERFACE to any 80  (tried any
other rules with "any" for INT_INTERFACE and "via rl0", and many others :))
kernel options:
options    IPFIREWALL
options    IPDIVERT
And at last, my machine works as a gateway with two ethernet cards. When the client
browser is configured without proxy, netstat shows that there is some
transfer on the "fwd" rule, but the browser returns an error as if there was no
connection to the site, not a squid error. With the browser configured for a proxy on
port 3128 it's working just fine and squid is used, as I can see in the squid
logs. Sorry for such a long post, but I wanted to give you as full a description
as I can think of. I'm desperate, for a second I was even thinking of getting
linux :)). Will be grateful for any help on the post or e-mail me to



Fri, 24 Jan 2003 09:09:46

> >and ipfw rules are:
> >ipfw add 40 allow tcp from EXT_INTERFACE to any
> >ipfw add 50 allow tcp from any to any setup

> guess what?

> >ipfw add 60 fwd,3128 tcp from INT_INTERFACE to any 80  (tryied

> rule 60 won't match your packets. Verify with 'ipfw show' then switch 50
> with 60. Repeat.

THX a lot, that helped. I was trying so many ipfw configs that I didn't think
that one is blocking another.
THX a lot one more time :))


1. Squid transparent proxy problem with FreeBSD 4.4

I was trying to set up a squid proxy server as a transparent proxy on
a FreeBSD 4.4 box with one 3COM NIC configured with IP:
and Netmask:

I've compiled squid with --enable-ipf-transparent and I've set up

In my Cisco 4000 router:

access-list 110 deny   tcp host any eq www
access-list 110 permit tcp any any eq www
route-map proxy-redirect permit 10
 match ip address 110
 set ip next-hop
int eth2/0
 ip policy route-map proxy-redirect

and compiled the Kernel with:

        options         IPFIREWALL
        options         IPFIREWALL_FORWARD

I've set up the squid.conf file with:
     http_port 3128
     httpd_accel_host virtual
     httpd_accel_port 80
     httpd_accel_with_proxy on
     httpd_accel_uses_host_header on

And in rc.local:

ipfw add 49  allow tcp from to any
ipfw add 50  fwd,3128 tcp from any to any 80
ipfw add 60000 allow all from any to any

With this configuration no computer in the network is able to access

When I run:

ipfw show

It shows that the rule 50 is being hit and the number of times it is
hit grows when I try to access Web in a client computer in my network.

Does anybody see anything I missed?

Thanks in advance,

Pedro Paulo