I'm trying to set up a local transparent proxy with ipfw and squid and ran into some problems. I have a single rule `00100 fwd 127.0.0.1,3128 log tcp from any to any dst-port 80`, but it either gets into an infinite loop or doesn't work for some other reason. There's an `ipfw: 100 Forward to 127.0.0.1:3128 TCP 172.17.244.135:56788 74.125.232.0:80 out via en0` message in system.log when I curl something, but nc listening on port 3128 doesn't receive anything. Any ideas?
synapse
1 Answer
If squid is running on the same machine, you will have an infinite loop, I guess, as the request from squid will trigger `from any to any dst-port 80` again. I don't think you would be able to devise a rule that ignores traffic from specific programs, unless you start using multiple routing tables (FIBs in FreeBSD parlance).
I suggest you look at configuring a proxy in your software by setting environment variables like `HTTP_PROXY` for curl, wget, fetch, etc., and configuring the proxy in your browser.
Coroos
- Yeah, it seems like another adapter is needed for this to work. So I'm sticking with a regular (non-transparent) proxy for the time being. – synapse Jun 20 '13 at 10:49
- Actually, `squid` sends everything to port 8080 of the upstream proxy, so it should be possible to avoid loops without extra interfaces. – synapse Jun 20 '13 at 10:55