[squid-users] Transparent squid on FreeBSD 4.8

From: ���ȫ <[email protected]>
Date: Mon, 26 Apr 2004 17:05:20 +0900

hi,
i'm beginner of proxy and FreeBSD.
i want to make transparent proxy box on FreeBSD 4.8, using squid-2.5.STABLE4.

========================================================================
1. fist, i compiled my kernel with
---------------------------------------------------
options IPFIREWALL
options IPFIREWALL_FORWARD
---------------------------------------------------

2. and modified [rc.conf] file
-------------------------------------------------------------------------------------------------
defaultrouter="10.0.0.1"
hostname="TaoTest"
dns_nameservers="168.126.63.1"
network_interfaces="lo0 dc0 dc1"
ifconfig_lo0="inet 127.0.0.1"
ifconfig_dc1="inet 10.0.0.251 netmask 255.255.255.0"
-------------------------------------------------------------------------------------------------

3. and loaded bridge module to [rc.local] file
-----------------------------------------------------
kldload bridge.ko
sysctl -w net.link.ether.bridge_cfg="dc0:1,dc1:1"
sysctl -w net.link.ether.bridge_ipfw=1
sysctl -w net.link.ether.bridge=1
sysctl -w net.inet.ip.forwarding=1
-----------------------------------------------------

4. when installed squid, configure --enable-ipf-transparent, but warning was up like this.
---------------------------------------------------------------------------------
WARNING: Cannot find necessary IP-Filter header files
         Transparent Proxy support WILL NOT be enabled
---------------------------------------------------------------------------------
so, i install without [--enable-ipf-transparent] options, just ./configure and make and make install

5. and, squid.conf
---------------------------------------------------
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
---------------------------------------------------

6. and ipfw rule
------------------------------------------------------------------------------------------------------
ipfw add 49 allow tcp from 10.0.0.251 to any
ipfw add 50 fwd localhost,3128 tcp from any to any 80 via dc1
ipfw add 60000 allow all from any to any
------------------------------------------------------------------------------------------------------

7. and execute squid
---------------------------------------------
/usr/local/squid/sbin/squid -z
/usr/local/squid/sbin/squid -D
---------------------------------------------


8. and tested transparent squid with polygraph
client proxy server server
------------------- ---------------------- -------------------
| 10.0.0.226 | -----------|dc1 dc0 | ----------| 10.0.0.232 |
------------------- ---------------------- -------------------
[10.0.0.226]
cd c:\program files\the measurement factory\web polygraph
polyclt --config workloads/hong_simple.pg --log c:/polylog/clientlog_transparent_squid.log --verb_lvl 10
[10.0.0.232]
cd c:\program files\the measurement factory\web polygraph
polysrv --config workloads/hong_simple.pg --log c:/polylog/clientlog_transparent_squid.log --verb_lvl 10
===========================================================================

this test looks very well.
but, according to
---------------------------------------------------------------------------------------
TaoTest# ls -al /usr/local/squid/var/logs/
total 12
drwxr-xr-x 2 nobody wheel 512 Apr 26 16:32 .
drwxr-xr-x 4 nobody wheel 512 Apr 22 12:03 ..
-rw-r--r-- 1 nobody wheel 0 Apr 26 16:25 access.log
-rw-r--r-- 1 nobody wheel 4597 Apr 26 16:33 cache.log
-rw-r--r-- 1 root wheel 4 Apr 26 16:32 squid.pid
-rw-r--r-- 1 nobody wheel 0 Apr 26 16:25 store.log
---------------------------------------------------------------------------------------
and
----------------------------------------------------------------------------------------------------------
TaoTest# ipfw show
00049 0 0 allow tcp from 10.0.0.251 to any
00050 40572 3058538 fwd 127.0.0.1,3128 tcp from any to any 80 via dc1
60000 54086 61236251 allow ip from any to any
65535 65 3721 allow ip from any to any
----------------------------------------------------------------------------------------------------------
, i judge but squid isn't work now,
and packet just pass bridge and ipfw.

according to below,
-------------------------------------------------------------------------------------------
TaoTest# netstat -a |grep 3128
tcp4 0 0 *.3128 *.* LISTEN
-------------------------------------------------------------------------------------------
squid's listening is not problem, i think,
but what is the problem?

thank you for reading,
and i expect reply.
Received on Mon Apr 26 2004 - 02:00:30 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:02 MDT