FlusH
Random person on Internet

Registered: 10/23/01
Posts: 2,910
Loc: Bizzaro World
Last seen: 16 days, 12 hours
Transparent proxy with squid and openbsd...
    #5411949 - 03/17/06 09:20 AM (17 years, 10 months ago)

I am having some problems getting this to work. I am somewhat familiar with the PF filter, even more familiar with Squid, and I have good fluency in OpenBSD. But getting this transparent filter to work is driving me nuts!

What I have done so far is:

enable bridge
hostname.rl0 = up
hostname.fxp0 = up
bridgename.bridge0 = add fxp0 add rl0 up

Setup squid.conf
http_port 127.0.0.1:3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

Enabled squid access to /dev/pf

#chgrp _squid /dev/pf
#chmod g+rw /dev/pf

Pf redirect and filter rules - very basic -
int_if="rl0"
ext_if="fxp0"

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state

----------------------

The client machine (hooked up via twisted pair 10baseT on rl0) can access whatever it wants through the filtered bridge. PF is working fine, and I can telnet into 127.0.0.1:3128 and access webpages via squid. But the client machine will not do this. It always passes right by squid.

Does anybody have any suggestions/ideas/helpful links? Here is what I have gone over already:
http://www.benzedrine.cx/transquid.html
http://tomclegg.net/squid-tproxy
http://www.openbsd.org/faq/pf/config.html#activate
http://ezine.daemonnews.org/200103/ipf_bridge.html
http://www.monkey.org/openbsd/archive/tech/0110/msg00049.html

Thanks in advance to anybody who can help!


FlusH
Re: Transparent proxy with squid and openbsd... [Re: FlusH]
    #5411954 - 03/17/06 09:21 AM (17 years, 10 months ago)

Oh, yea. I have compiled squid with transparency

( #env FLAVOR=transparent make install )


FlusH
Re: Transparent proxy with squid and openbsd... [Re: FlusH]
    #5415355 - 03/18/06 08:29 AM (17 years, 10 months ago)

Well, after playing with it some more I found out that my installation of squid must be corrupted, or an improper flag somewhere during compile. When loading up squid with 'squid -d 5' I get the error 'ipcache_init: DNS name lookup tests failed'

I can get around this with 'squid -D' to disable the DNS lookup test, but squid will not accept any inbound connections on 127.0.0.1, but it works on any IP I assign to any of the NICs.

I am now wondering if I can assign the bridge an IP address, and point squid there, but I have not found a way to do this yet.

When I do figure this out, I will definitely post detailed instructions!


FlusH
Re: Transparent proxy with squid and openbsd... [Re: FlusH]
    #5421777 - 03/20/06 09:43 AM (17 years, 10 months ago)

ARG!!! I feel like such an idiot....


The problem was that I had the rdr line wrong in my PF.CONF, it should read
"rdr on $ext_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128"

It is now redirecting all information going through the external NIC and sending it to squid, which is running on 127.0.0.1:3128. Before, it was redirecting all information coming back to the internal NIC.

This one is almost as bad as the elusive semi-colon!

Extras: Filter Print Post Top
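
A small audit helper for the mistake described in the post above, added here as an example and not part of FlusH's posts: it expands pf.conf macros and reports which physical interface each rdr rule is bound to and where it sends traffic. The function names and the two sample rule sets are constructed for illustration, and it assumes the `rdr on <if> ... -> <addr> port <n>` syntax shown in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. The sample rule sets below are
# constructed from the two rdr lines quoted in the posts.

# rdr_rules FILE: print "<interface> <target> <port>" for every rdr rule,
# with macros such as $int_if expanded to the real interface name.
rdr_rules() {
    awk '
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {      # macro: name="value"
        split($0, kv, "=")
        gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
        macro[kv[1]] = kv[2]
        next
    }
    /^[ \t]*rdr[ \t]/ {
        iface = ""; target = ""; port = ""
        for (i = 1; i < NF; i++) {
            if ($i == "on") iface = $(i + 1)
            if ($i == "->") { target = $(i + 1); port = $(i + 3) }
        }
        if (substr(iface, 1, 1) == "$") {          # expand $macro
            n = substr(iface, 2)
            iface = (n in macro) ? macro[n] : ("UNDEFINED:" n)
        }
        print iface, target, port
    }' "$1"
}

# squid_rdr_on FILE IFACE: succeed if an rdr rule on IFACE points at the
# Squid listener from the thread's squid.conf (127.0.0.1 port 3128).
squid_rdr_on() {
    rdr_rules "$1" | grep -qx "$2 127\.0\.0\.1 3128"
}

# Constructed sample input: the first rule set, then the one from the last post.
BEFORE=$(mktemp); AFTER=$(mktemp)
trap 'rm -f "$BEFORE" "$AFTER"' EXIT
cat > "$BEFORE" <<'EOF'
int_if="rl0"
ext_if="fxp0"
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
EOF
sed 's/rdr on \$int_if/rdr on $ext_if/' "$BEFORE" > "$AFTER"

for f in "$BEFORE" "$AFTER"; do
    echo "rdr rule resolves to: $(rdr_rules "$f")"
done
```

On the firewall itself, `pfctl -s nat` lists the translation rules that are actually loaded, which can be compared against this output.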
FlusH
Re: Transparent proxy with squid and openbsd... [Re: FlusH]
    #5437509 - 03/24/06 08:19 AM (17 years, 10 months ago)

I am now working on a "how to" for transparent proxying. If anybody here is interested, I can post my progress. I will not though unless somebody speaks up!