help with my freebsd+ipfw+ipnat+squid 3.0

By the way, reply_body_max_size and request_body_max_size are not set to anything in the default squid.conf, so there should be no reason to adjust them. Unless you're using some cut & paste off the 'net instead of making your own.
 
Now I deactivated the reply_body_max_size and request_body_max_size like dutch daemon said... but "the request or reply is too large" appears on all my web sites. And my squid -v:
Code:
freebsd# squid -v
Squid Cache: Version 3.0.STABLE8
configure options:  '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB squid_radius_auth YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group' '--enable-ntlm-auth-helpers=SMB' '--enable-storeio=ufs diskd null' '--enable-ipfw-transparent' '--enable-kqueue' '--enable-err-languages=Armenian Azerbaijani Bulgarian Catalan Czech Danish  Dutch English Estonian Finnish French German Greek  Hebrew Hungarian Italian Japanese Korean Lithuanian  Polish Portuguese Romanian Russian-1251 Russian-koi8-r  Serbian Simplify_Chinese Slovak Spanish Swedish  Traditional_Chinese Turkish Ukrainian-1251  Ukrainian-koi8-u Ukrainian-utf8' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd7.1' 'build_alias=i386-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe'
 
One more thing, copy my squid.conf from
HTML:
http://zse.ath.cx/cheoac/
and try with it. Change only
Code:
 http_port 8080 transparent
to yours and
Code:
dns_nameservers  83.238.114.6 #change to your isp DNS
and
Code:
acl siec src 172.21.0.0/255.255.0.0  #change to your internal ip

Put your squid.conf somewhere as a link.
 
Check your IPFW logs and make sure your packets don't get into an endless loop as I mentioned. These are the squid rules from my firewall
Code:
a="ipfw add"
l="log logamount 10000"
squid_ports=http

ipfw -f flush
$a check-state

$a allow all from any to any via lo0

# SQUID

$a fwd $squid $l all from $my_net to any $squid_ports in via $in_if
$a allow $l all from $out_if to any $squid_ports out via $out_if
$a allow $l all from any $squid_ports to $out_if in via $out_if
$a allow $l all from any $squid_ports to $my_net out via $in_if
$out_if is 192.168.2.2 in your case
$in_if is 192.168.3.1
 
I know what my problem is... my problem is a forwarding loop

Code:
2009/05/26 08:56:33| WARNING: Forwarding loop detected for:
X-Forwarded-For: 192.168.3.2, 192.168.2.2, 192.168.2.2, 192.168.2.2, 192.168.2.2, 192.168.2.2, 192.168.2.2, 192.168.2.2, 192.168.2.2, 192.168.2.2, 192.168.2.

This is my cache.log
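
An added example, not part of the original post: a small Python check that reads Squid cache.log text, finds each "Forwarding loop detected" warning, and reports which address keeps reappearing in X-Forwarded-For. The sample log is constructed in the shape of the excerpt above, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the shape of the cache.log excerpt quoted in the thread,
# including a final entry cut off mid-address like the one in that excerpt.
SAMPLE_LOG = """\
2009/05/26 08:56:33| WARNING: Forwarding loop detected for:
X-Forwarded-For: 192.168.3.2, 192.168.2.2, 192.168.2.2, 192.168.2.2, 192.168.2.
2009/05/26 08:56:40| storeDirWriteCleanLogs: Starting...
"""

# cache.log entries start with "YYYY/MM/DD HH:MM:SS| "; header dump lines do not.
STAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\| ")

def valid_hops(header_value):
    """Split an X-Forwarded-For value, dropping truncated or malformed entries."""
    hops = []
    for item in header_value.split(","):
        try:
            hops.append(str(ipaddress.ip_address(item.strip())))
        except ValueError:
            continue
    return hops

def find_loops(log_text):
    """Return client, repeated hop and repeat count for each loop warning."""
    findings, in_warning = [], False
    for line in log_text.splitlines():
        if STAMP.match(line):
            in_warning = "Forwarding loop detected" in line
            continue
        name, _, value = line.partition(":")
        if not in_warning or name.strip().lower() != "x-forwarded-for":
            continue
        hops = valid_hops(value)
        if len(hops) >= 2:
            addr, repeats = Counter(hops[1:]).most_common(1)[0]
            findings.append({"client": hops[0], "looping_hop": addr, "repeats": repeats})
        in_warning = False
    return findings

if __name__ == "__main__":
    for f in find_loops(SAMPLE_LOG):
        print(f"client {f['client']}: request re-entered the proxy from "
              f"{f['looping_hop']} {f['repeats']} times")
```

When the repeated hop is one of the proxy machine's own addresses, Squid's own outgoing port 80 requests are matching the fwd rule and being handed back to Squid.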
 
Do yourself a favour: run Squid on 127.0.0.1. There's a reason why transparent proxying usually takes place on localhost.
 
This is my ipfw.rules
#!/bin/sh

ipfw -q flush

outside="em0"
inside="rl0"
cmd="ipfw -q add"

$cmd 00080 fwd 127.0.0.1,3128 tcp from any to any 80
$cmd 00090 allow all from any to any via $outside
 
Try adding to that rule:

Code:
in recv $nic

Replace $nic with the network card you're redirecting the port 80 traffic on. I'm assuming you have a default gateway correctly set up, so that Squid knows where to go for internet connectivity?
 
I meant:

Code:
$cmd 00080 fwd 127.0.0.1,3128 tcp from any to any 80 in recv $int_nic

Which is probably the same.
 