force all the network traffic through a proxy server.
Thomas
thoms3rd at gmail.com
Thu Jun 30 00:13:53 UTC 2016
Tue, Jun 28, 2016 at 01:48:30PM -0400, Ataro via freebsd-ipfw:
> Hi there,
>
> I've set up a FreeBSD machine inside a VirtualBox machine and used IPFW to redirect all the requests to the internet through a squid proxy server running on the same machine on port 3128 in intercept mode (also known as transparent proxy mode).
>
> The problem is that I need a way to identify the packets that originate from the squid server and let them pass out to the Internet, but all other packets must go through the squid server.
>
> My IPFW rules look like the following:
> ipfw -f flush
> ipfw add 50 pass all from any to any via lo0
> ipfw add 100 pass all from any to any proto udp
> ipfw add 150 pass icmp from any to any
> ipfw add 200 fwd 127.0.0.1,3128 tag 1111 tcp from me to any
> ipfw add 250 pass all from 10.0.2.15 to any tagged 1111
>
> Unfortunately, the packets that originate from the squid server are redirected back to itself and I can't find a way to allow them to pass out.
>
> Does someone here have an idea?
>
> Regards,
>
> Ataro.
Hello,
Run the squid server as a separate user, and use the uid match pattern.
Cheers,
Thomás
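
The advice in this reply, written out as an added example that is not part of the thread: the poster's ruleset with an exemption for squid's own traffic placed ahead of the fwd rule. It assumes squid runs as a dedicated user named "squid" (the thread names no user); rule number 190 and the helper function names are likewise hypothetical.

```shell
#!/bin/sh
# Added example: the poster's ruleset plus a uid exemption for squid.
# Assumptions: squid runs as user "squid" and listens on 127.0.0.1:3128.
SQUID_USER="${SQUID_USER:-squid}"
PROXY_PORT="${PROXY_PORT:-3128}"

# Print the ipfw arguments, one rule per line. ipfw stops at the first
# matching rule, so the uid exemption (190) must sort before the fwd (200).
squid_ruleset() {
    user="$1"; port="$2"
    cat <<EOF
add 50 allow ip from any to any via lo0
add 100 allow udp from any to any
add 150 allow icmp from any to any
add 190 allow tcp from me to any uid $user
add 200 fwd 127.0.0.1,$port tcp from me to any
EOF
}

# Print the rule number of the first rule containing the given text.
rule_number() {
    squid_ruleset "$SQUID_USER" "$PROXY_PORT" |
        awk -v pat="$1" 'index($0, pat) { print $2; exit }'
}

# Succeed only if squid's own traffic is exempted before the fwd rule.
check_order() {
    exempt=$(rule_number "uid $SQUID_USER")
    fwd=$(rule_number "fwd 127.0.0.1")
    [ -n "$exempt" ] && [ -n "$fwd" ] && [ "$exempt" -lt "$fwd" ]
}

# Load the rules; refuses if the user is missing or the order is wrong.
apply_ruleset() {
    id "$SQUID_USER" >/dev/null 2>&1 || { echo "no such user: $SQUID_USER" >&2; return 1; }
    check_order || { echo "uid rule must precede fwd rule" >&2; return 1; }
    ipfw -q -f flush
    squid_ruleset "$SQUID_USER" "$PROXY_PORT" | while read -r rule; do
        ipfw -q $rule    # unquoted on purpose: split into ipfw arguments
    done
}

# Dry run by default; set APPLY=1 (as root, on FreeBSD) to load the rules.
if [ "${APPLY:-0}" = "1" ]; then
    apply_ruleset
else
    squid_ruleset "$SQUID_USER" "$PROXY_PORT"
fi
```

Any other local process running under the same account is exempted too, which is why the account should be used by squid alone.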