IPFW + NATD + SQUID on a single Fbsd 5.4 machine

Pavel Kratina kratinap at volny.cz
Wed Apr 6 22:30:29 CEST 2005


Hi FreeBSD,
I know a similar problem has been discussed here several times, but it
hasn't helped me. So I'm asking for advice.
I have a router/FW/proxy on one FreeBSD box, see the rules below.
Packet routing works fine. Only when I add rule 1350, i.e. forwarding
packets from port 80 to port 3128 on the local machine, where squid should be listening, and
I request some URL over http, an "access denied" page from squid
pops up at me.
I have barely changed the Squid configuration, so it is almost default; the changes
are again listed below.
So where is the error, please?
And a second question: I'm not quite clear on which path the packets take after fwd, i.e.
how many more times they pass through ipfw before they leave via the network interface.

Many thanks, Pavel K.




-------------ipfw---------
00100 allow ip from any to any via lo0
..
01350 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
01400  divert 8668 ip from any to any via rl0
..
02300  allow ip from any to any
02400  deny ip from any to any
65535  allow ip from any to any


------squid.conf---------

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_port 3128

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl myIP src 81.30.232.32/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 22          # ssh
acl Safe_ports port 53          # DNS
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow all
http_access deny CONNECT !SSL_ports

acl myNET src 192.168.1.0/24
http_access allow myNET
icp_access allow myNET
icp_access allow localhost

http_access deny all



-- 
Best regards,
 Pavel                          mailto:kratinap at volny.cz
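Added example, not part of Pavel's post: a small Python model of Squid's first-match http_access evaluation, run over the ACL list quoted from the squid.conf above. It shows which line decides a given request; in particular, `http_access allow all` sits before `allow myNET` and the final `deny all`, so those lines can never match and the list as posted grants proxy access to any source address. The evaluator is an assumption of this example (it models only the src, port, method and proto ACL types used here, with manager requests represented by proto cache_object); it is not Squid's own code.

```python
import ipaddress

# ACL definitions transcribed from the posted squid.conf (only the types used there).
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "manager": ("proto", ["cache_object"]),
    "localhost": ("src", ["127.0.0.1/32"]),
    "SSL_ports": ("port", [443, 563]),
    "Safe_ports": ("port", [80, 21, 22, 53, 443, 563, 70, 210,
                            (1025, 65535), 280, 488, 591, 777]),
    "CONNECT": ("method", ["CONNECT"]),
    "myNET": ("src", ["192.168.1.0/24"]),
}

# http_access lines in the order they appear in the posted config.
HTTP_ACCESS = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("deny", ["!Safe_ports"]),
    ("allow", ["all"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["myNET"]),
    ("deny", ["all"]),
]

def acl_matches(name, req):
    kind, values = ACLS[name]
    if kind == "src":
        src = ipaddress.ip_address(req["src"])
        return any(src in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        p = req["port"]
        return any(v[0] <= p <= v[1] if isinstance(v, tuple) else v == p
                   for v in values)
    if kind == "method":
        return req["method"] in values
    return req.get("proto") in values  # "proto" ACL (cache_object)

def http_access(req):
    """Return (verdict, index) of the first http_access line that matches.
    Squid walks the lines top-down; a line matches only when every term
    matches ('!' negates a term). With no match, the opposite of the last
    line's action applies."""
    for i, (action, terms) in enumerate(HTTP_ACCESS):
        if all(acl_matches(t.lstrip("!"), req) != t.startswith("!")
               for t in terms):
            return action, i
    last = HTTP_ACCESS[-1][0]
    return ("deny" if last == "allow" else "allow"), None
```

A request dict carries the constructed fields `src`, `port`, `method` and, for cache-manager requests, `proto`; calling `http_access` on a port-80 GET from an address outside 192.168.1.0/24 returns `("allow", 3)`, i.e. the `allow all` line decides it.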



