 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Settings For Squid Transparent Proxy
 Date:  Tue, 7 Feb 2006 18:34:51 +0000

In message
<FDD796C9E501FE449BB1E8CCCD5FB2629727 at win2ksrvr dot Wagoner dot local>, Ryan
Wagoner <Ryan at wgnrs dot dynu dot com> writes
>I'm at the point where I need somebody with good FreeBSD / m0n0wall
>experience to help me out. The rule from below isn't redirecting traffic
>to the squid server correctly. I'm not sure what's wrong with it. I set
>the gateway on my machine to point to the squid server and used iptables
>to route port 80 to 3128 and squid works transparently as it should.
>Setting it back to the m0n0wall gateway with the routing rule and
>nothing happens. I have to set my browser proxy to the squid server in
>order to connect to the m0n0wall gui. Seems to me m0n0wall is dropping
>the packets but I can't tell where. I even went as far as to set up a
>firewall rule on the LAN page that allows from source * to all
>destinations thinking that might work, nope nothing. Anybody know what's
>going on here??

I don't think you'll actually get it to work!  The reason is that
squid needs to know the original destination; if you just redirect the
packets to the machine running squid then it'll be lost and squid will

This is where something like WCCP comes in as it passes that to squid.

A transparent proxy is ugly and prone to errors, anyway.  My
recommendation would be to redirect all requests for port 80 (except
those from the machine running squid) to a page on one of your servers
that instructs the user how to configure their browser to use the proxy.

If you do get it to work then well done and please post here!



Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk
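
Added example, not part of the original message and not Squid's own code: on Linux, a proxy can ask the local netfilter NAT table for a connection's pre-redirect destination, which only helps when the port 80 to 3128 rewrite ran on the proxy host itself (assumed here for the iptables setup quoted above). If another machine rewrote the packet, the lookup yields nothing or just the proxy's own address. The helper names and the sample bytes are constructed for illustration.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # Linux netfilter option, from <linux/netfilter_ipv4.h>

# Constructed sample: struct sockaddr_in for 203.0.113.10:80 (documentation range).
SAMPLE_SOCKADDR = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
                   + socket.inet_aton("203.0.113.10") + b"\x00" * 8)


def parse_sockaddr_in(raw):
    """Decode a 16-byte struct sockaddr_in into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)   # host byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 address")
    (port,) = struct.unpack_from("!H", raw, 2)     # network byte order
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Pre-NAT destination of an accepted TCP connection, or None.

    Only the NAT table of the machine running this code is consulted.
    """
    try:
        raw = conn.getsockopt(getattr(socket, "SOL_IP", 0), SO_ORIGINAL_DST, 16)
    except OSError:
        return None  # no conntrack entry, or not a Linux netfilter host
    return parse_sockaddr_in(raw)


def forward_target(orig, local):
    """Where a transparent proxy should connect, or None if unknowable.

    orig  -- result of original_dst() for the client connection
    local -- the proxy's own listening (ip, port), e.g. conn.getsockname()
    If the rewrite happened on a different box, orig is the proxy's own
    address (or missing), so the client's intended server cannot be recovered.
    """
    if orig is None or orig == local:
        return None
    return orig
```
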