This is what I have in my network and I'm only using my local network for testing this configuration Webserver : 192.168.2.10 Squid : 192.168.2.50 Client : 192.168.2.100 rc.conf ------------- #enabling ipfilter ipfilter_enable="YES" ipnat_enable="YES" ipmon_enable="YES" ipfs_enable="YES" ipfilter_rules="/etc/ipf.rules" ipnat_rules="/etc/ipnat.rules" gateway_enable="YES" -------------- squid.conf ------------ cache_dir diskd /usr/local/squid/var/cache 200 16 256 Q1=64 Q2=72 acl our_networks src 192.168.2.0/24 http_access allow our_networks httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on http_port 80 acl client1 src 192.168.2.100/255.255.255.0 tcp_outgoing_address 10.0.0.1 client1 ------------- ipnat.rules ------------- bimap rl0 from 10.0.0.1/32 to 0.0.0.0/0 port = 80 -> 192.168.2.100/32 -------------- And when I try to open the webserver page from the browser's client, it's just stand still. I check if the NAT is already running and this is what I get : ---------------- #ipnat -l List of active MAP/Redirect filters: bimap rl0 from 10.0.0.1/32 to any port = 80 -> 192.168.2.100/32 List of active sessions: BIMAP 10.0.0.1 54081 <- -> 192.168.2.100 54081 [192.168.2.6 80] ---------------- Could you tell me what is wrong with my configuration ? Thanks Abu Khaled wrote: > On 7/12/05, kodel <kodelz@xxxxxxxxx> wrote: > >>Hi. Abu.. >> >>After I'm trying what u said in the previous email >>I'm using FreeBSD 5.3 and using ipnat.rules like you said before. >>And using squid-2.5STABLE8 and opening port 80 at the 'http_port' in >>squid.conf >> >>When I try my client to access the internet with this proxy I found out >>that it doesn't work, I try to monitor the connection with 'ipnat -l' >>and the nat process is already take place, but the browser client who >>access the proxy just stay still. >> >>Is there any other way to monitor/debug the nat process in FreeBSD >>so I can make sure what is really happening.. ?? > > > Can you provide the rules you used so we can have a look on them? > > >>Oya I almost forgot can I combine the >>rdr --> which use for intercepting proxy and, >>bimap --> for transparent proxy >>both in the same machine ? > > > I allready did that (used rdr and bimap on the same machine). > Again what rules do you use to acomplish this? > > >>What Im tryin to do is to redirect some client to use the squid ip as >>the outside ip and use some client to use the their own public ip >>(transparent mode) >> >> >>Thank's >> >> >>-rd- > >
