
Re: Problems with transparency and pf


 



On 30/03/11 00:20, Indunil Jayasooriya wrote:
I've now installed FreeBSD 8.2-RELEASE on new hardware and I'm using my
config from the 7.2 machine.

My problem is that squid is not working with transparency. The browser
traffic goes directly to the Internet.


If you are doing this with PF, can I have your PF rules?

I am doing Squid 2.7.9 transparent with OpenBSD 4.8.


These are my PF rules.


# filter rules
block in log
pass out log


pass in log on $int_if proto tcp from $lan_net to any port { 80 8080 } \
     rdr-to 127.0.0.1 port 3128


In the squid.conf file:

http_port  3128 transparent


acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

http_access allow localnet


It's worth noting the whole intercept section underwent a code change to make the NAT lookups run-time selected. At the time care was taken not to change the lookup sequence, but even so mistakes were found. There were also outstanding reports that some were badly broken before the change (doing the lookups completely backward so "myip" ACL matched the remote client).

I have not had anyone report either "works" or "fails" for IPFW, IPFILTER or PF on the 3.1.10 or later releases.

I believe the other modules work due to people using them successfully.

FWIW; in theory you should be able to build Squid with them all enabled and whichever your system provides will be used.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.11
  Beta testers wanted for 3.2.0.5
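
An added example, not part of the original messages or of Squid's own code: a small check that the port a PF rdr-to rule redirects to is one Squid listens on with an interception flag ("transparent" in 2.7, also "intercept" in 3.1 and later). It covers only this config agreement, not the NAT lookup code discussed above; the function names are assumptions.

```python
import re

# Constructed sample input: the rules quoted in this thread. Helper names are illustrative.
PF_RULES = """\
block in log
pass out log
pass in log on $int_if proto tcp from $lan_net to any port { 80 8080 } \\
     rdr-to 127.0.0.1 port 3128
"""
SQUID_CONF = """\
http_port  3128 transparent
acl localnet src 10.0.0.0/8
http_access allow localnet
"""

def pf_redirect_ports(pf_text):
    """Return the set of ports that PF rdr-to rules redirect traffic to."""
    joined = re.sub(r"\\\s*\n\s*", " ", pf_text)  # join backslash-continued lines
    ports = set()
    for line in joined.splitlines():
        line = line.split("#", 1)[0]              # drop comments
        m = re.search(r"\brdr-to\s+\S+\s+port\s+(\d+)", line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def squid_ports(conf_text):
    """Map each http_port number to True if it carries an interception flag."""
    ports = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "http_port":
            port = int(fields[1].rsplit(":", 1)[-1])  # accepts "3128" or "ip:3128"
            ports[port] = bool({"transparent", "intercept"} & set(fields[2:]))
    return ports

def check(pf_text, conf_text):
    """List mismatches between the PF redirect target and Squid's listeners."""
    problems = []
    listeners = squid_ports(conf_text)
    for port in sorted(pf_redirect_ports(pf_text)):
        if port not in listeners:
            problems.append(f"PF redirects to port {port} but Squid has no http_port {port}")
        elif not listeners[port]:
            problems.append(f"http_port {port} lacks the transparent/intercept flag")
    return problems

if __name__ == "__main__":
    print(check(PF_RULES, SQUID_CONF) or "redirect target and http_port agree")
```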

