tproxy on freebsd

Hi

I want to set up squid in tproxy mode. Does FreeBSD really support tproxy like Linux? What should I do or how should I configure my squid for this purpose? Also, I do not know anything about the bridge part. Can anyone help me with that? I can specify my questions as follows:

1) My server has one NIC. Is it enough, or do I have to use 2 NICs?
2) What is the concept of the bridge part?
3) Is it possible to run tproxy without any requirements (like ipf or ipnat)?
4) Is there any document on how to do this?


Would you please help me, friends?

Regards
:)
 
Are you talking about transparent proxy? (never heard it called tproxy)

You'll need one of pf, ipf, or ipfw ('make config' in /usr/ports/www/squid will contain the options).

You do not need a bridge. I've never seen it done on a single interface, but it may be possible (e.g. by treating traffic from the 'squid' user differently). If you can spare a second NIC, don't hesitate, it will make life a lot easier.

See http://forums.freebsd.org/showthread.php?t=5544 for some pointers.
 
DutchDaemon: TPROXY is a squid/lusca extension to spoof the client's IPs for each connection (really transparent to the client).

FreeBSD supports TPROXY in router mode (look at this very old page for some samples and ideas: http://tproxy.no-ip.org:280/)

The bridge mode is being worked on.

Luiz
 
Yeah, sorry for the delay!

Here is a patch to make lusca work in tproxy mode with a bridge: http://loos.no-ip.org/lusca_tproxy.diff

The usage goes like:

Clients (192.168.0.0/24 in this example) -> em0 -> tproxy -> em1 -> internet

You need to add at least two ipfw rules, here is an example:

Code:
# Redirect the clients' packets to the proxy
ipfw add fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any 80 via em0

# Redirect the received packets back into the OS
ipfw add fwd 127.0.0.1 tcp from any 80 to 192.168.0.0/24 via em1

Please make sure your proxy can access the internet (at least for resolving DNS names, i.e. you need to set up an IP, gateway and DNS servers).

Build, install and configure lusca to work in tproxy mode and you are ready to go.
 