Re: FreeBSD router and WCCP

2007-11-19 Thread Girish Venkatachalam
On 10:47:37 Nov 19, Steve Bertrand wrote:
 
> Essentially, I simply need a method to redirect layer 3/4 traffic
> destined for anything:80 from the router to the appliance.
> 
> I've got a few options now, so I'll be testing all of them in the coming
> days.
> 

Including this one?

rdr all port 80 to ${appliance} 

Since you are leaving out the proto and "tcp/udp" fields this
redirection will work as expected.

regards,
Girish
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: FreeBSD router and WCCP

2007-11-19 Thread Steve Bertrand
>> I am familiar with IPFW, but I'd like to know all options in order to
>> choose the best one.
>>
>> I would very much prefer to do this in a way without having to have
>> Squid running on the box, but will if I have to.
> 
> If filtering is all you want, you don't have to set up squid as a
> caching proxy. I.e. it won't need much RAM and disk space. I have
> yet to set up ICAP (with c-icap) in our workshop, but from
> discussions on squid mailing lists it seems ICAP is in a pretty
> usable state, both in squid 2.x and 3.x.

Essentially, I simply need a method to redirect layer 3/4 traffic
destined for anything:80 from the router to the appliance.

I've got a few options now, so I'll be testing all of them in the coming
days.

Thanks for your suggestions.

Steve


Re: FreeBSD router and WCCP

2007-11-19 Thread Andrew Pantyukhin
On Mon, Nov 19, 2007 at 10:10:43AM -0500, Steve Bertrand wrote:
> 
> > ipfw forwarding is a very easy way to redirect traffic without
> > changing it. PF has similar functionality. It all depends on what
> > the appliance supports. If wccp is the only way it can eat
> > packets, try playing with gre(4). But maybe it'll consume just
> > plain packets with "wrong" IP destinations arriving on its MAC
> > address, just the way squid on FreeBSD does.
> > 
> > BTW, if the appliance supports ICAP, you'll be much better off
> > running squid on a FreeBSD box and filtering content through
> > ICAP.
> 
> The appliance does indeed have ICAP capabilities, but I have never
> dabbled with it before.
> 
> I am familiar with IPFW, but I'd like to know all options in order to
> choose the best one.
> 
> I would very much prefer to do this in a way without having to have
> Squid running on the box, but will if I have to.

If filtering is all you want, you don't have to set up squid as a
caching proxy. I.e. it won't need much RAM and disk space. I have
yet to set up ICAP (with c-icap) in our workshop, but from
discussions on squid mailing lists it seems ICAP is in a pretty
usable state, both in squid 2.x and 3.x.


Re: FreeBSD router and WCCP

2007-11-19 Thread Steve Bertrand

> ipfw forwarding is a very easy way to redirect traffic without
> changing it. PF has similar functionality. It all depends on what
> the appliance supports. If wccp is the only way it can eat
> packets, try playing with gre(4). But maybe it'll consume just
> plain packets with "wrong" IP destinations arriving on its MAC
> address, just the way squid on FreeBSD does.
> 
> BTW, if the appliance supports ICAP, you'll be much better off
> running squid on a FreeBSD box and filtering content through
> ICAP.

The appliance does indeed have ICAP capabilities, but I have never
dabbled with it before.

I am familiar with IPFW, but I'd like to know all options in order to
choose the best one.

I would very much prefer to do this in a way without having to have
Squid running on the box, but will if I have to.

>> The filter will not be inline, and it will be an opt-in type service, so
>> only certain traffic will need to be redirected.
> 
> You'll be able to use ipfw or pf to tune the policies to a very
> fine degree.

Thanks for your help!

Steve


Re: FreeBSD router and WCCP

2007-11-19 Thread Andrew Pantyukhin
On Mon, Nov 19, 2007 at 08:58:34AM -0500, Steve Bertrand wrote:
> Andrew Pantyukhin wrote:
> > On Fri, Nov 16, 2007 at 12:48:52PM -0500, Steve Bertrand wrote:
> >> Does anyone know of a way to configure WCCP redirect support into a
> >> FreeBSD based router without having to install squid?
> > 
> > I've only used FreeBSD as a WCCPv1/v2 sink (receiver), but you
> > can try sending out packets out of gre(4). That should probably
> > work.
> > 
> > If you're trying to redirect traffic to another machine running
> > squid, consider avoiding WCCP, it's not a very bright protocol.
> 
> Thanks for the response.
> 
> We are deploying a commercial appliance as a content filter, so I can
> only assume that it is running a customized version of Squid but I don't
> know.
> 
> Do you have any recommendation on what I should use if WCCP is not
> recommended?

ipfw forwarding is a very easy way to redirect traffic without
changing it. PF has similar functionality. It all depends on what
the appliance supports. If wccp is the only way it can eat
packets, try playing with gre(4). But maybe it'll consume just
plain packets with "wrong" IP destinations arriving on its MAC
address, just the way squid on FreeBSD does.

BTW, if the appliance supports ICAP, you'll be much better off
running squid on a FreeBSD box and filtering content through
ICAP.

> The filter will not be inline, and it will be an opt-in type service, so
> only certain traffic will need to be redirected.

You'll be able to use ipfw or pf to tune the policies to a very
fine degree.
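The opt-in redirection discussed in this thread, sketched with ipfw `fwd` as an added example (it is not code from any poster's message): a script that turns a validated opt-in client list into forwarding rules and prints them for review. The addresses, interface name, rule numbers and the helper names `is_ipv4` and `gen_rules` are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not from the thread).
APPLIANCE="192.0.2.10"   # content filter, on the same segment as the router
LAN_IF="em1"             # router interface facing the clients
OPT_IN="198.51.100.21 198.51.100.64/27 bad;entry"  # last entry is malformed

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4() {
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        len=${1#*/}
        case $len in ''|*[!0-9]*) return 1 ;; esac
        [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    fi
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (not apply) ipfw rules that hand only the opted-in clients' port-80
# traffic to the appliance as next hop; the packets themselves are unchanged.
gen_rules() {
    appliance=$1; lan_if=$2; shift 2
    case $appliance in */*) return 1 ;; esac
    is_ipv4 "$appliance" || return 1
    case $lan_if in ''|*[!a-z0-9]*) return 1 ;; esac
    num=1000
    # The appliance's own outbound fetches must not be forwarded back to it.
    echo "ipfw add $num allow tcp from $appliance to any dst-port 80"
    for client in "$@"; do
        if ! is_ipv4 "$client"; then
            echo "skipped invalid opt-in entry: $client" >&2
            continue
        fi
        num=$((num + 10))
        echo "ipfw add $num fwd $appliance tcp from $client to any dst-port 80 in recv $lan_if"
    done
}

# Review the output before loading it on the router.
gen_rules "$APPLIANCE" "$LAN_IF" $OPT_IN
```

`fwd` only changes the next hop, so the appliance must be directly reachable and must accept packets whose destination IP is not its own, as described in the message above. FreeBSD kernels of that era also needed `options IPFIREWALL_FORWARD` for `fwd` rules to take effect.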


Re: FreeBSD router and WCCP

2007-11-19 Thread Steve Bertrand
Andrew Pantyukhin wrote:
> On Fri, Nov 16, 2007 at 12:48:52PM -0500, Steve Bertrand wrote:
>> Does anyone know of a way to configure WCCP redirect support into a
>> FreeBSD based router without having to install squid?
> 
> I've only used FreeBSD as a WCCPv1/v2 sink (receiver), but you
> can try sending out packets out of gre(4). That should probably
> work.
> 
> If you're trying to redirect traffic to another machine running
> squid, consider avoiding WCCP, it's not a very bright protocol.

Thanks for the response.

We are deploying a commercial appliance as a content filter, so I can
only assume that it is running a customized version of Squid but I don't
know.

Do you have any recommendation on what I should use if WCCP is not
recommended?

The filter will not be inline, and it will be an opt-in type service, so
only certain traffic will need to be redirected.

Tks,

Steve


Re: FreeBSD router and WCCP

2007-11-18 Thread Andrew Pantyukhin
On Fri, Nov 16, 2007 at 12:48:52PM -0500, Steve Bertrand wrote:
> Does anyone know of a way to configure WCCP redirect support into a
> FreeBSD based router without having to install squid?

I've only used FreeBSD as a WCCPv1/v2 sink (receiver), but you
can try sending out packets out of gre(4). That should probably
work.

If you're trying to redirect traffic to another machine running
squid, consider avoiding WCCP, it's not a very bright protocol.


FreeBSD router and WCCP

2007-11-16 Thread Steve Bertrand
Does anyone know of a way to configure WCCP redirect support into a
FreeBSD based router without having to install squid?

Steve