squid3 and ipfw_transparent macport broke as of Lion?
Michael
macosforge.org at nemonik.com
Tue Dec 6 07:05:51 PST 2011
I am x-post from the user-list.
I'm stuck getting the Squid3 w/ ipdw_transparent port to work as per
https://trac.macports.org/wiki/howto/SetupInterceptionSquid and I have
concerns Lion may have broken the current squid3 w/ ipfw_transparent
macport.
I need an intercepting proxy on my dev box as have problem especially
aggravated by Dev Ops programming, I'm spending a great deal time
building out virtualized environments with the Vagrant tool;
specifically, in authoring base box definition postinstall shell
scripts. These scripts pull down countless yum packages in order to
build up the base image that I then later further provision with
either Puppet or Chef integration frameworks via scripts written in
Ruby. When things are dorked up like an apparent dependency problem in
the repo, I'm spending a great deal of time in debugging issues
especially when throttled behind a T1 connection resulting mind
numbing time spent in mostly twiddling my thumbs as I sit through
repeated pulls of dependencies to get to where the problem occurs.
The intercept config example for FreeBsdIpfw at wiki.squid-cache.org
led me to a few corrections, but largely the macports wiki article
appears correct:
The article in Step 3: Configure Mac OS X firewall fails to obviously
mention you need to Start Lion's Firewall through the System Panel ->
Security & Privacy -> Firewall tab.
And I've tried the following to configure the firewall via the rule:
sudo ipfw add 1013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
I verified the rule was set via
sudo ipfw list
and it returns:
$ sudo ipfw list
01013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
65535 allow ip from any to any
and I also restarted the firewall just in case w/ each rule change. No dice.
I've also configured the kernel as per Step 2: Configure Mac OS X
kernel' as described originally at:
http://discussions.apple.com/thread.jspa?threadID=2308812&tstart=0
Maybe this portion changed w/ Lion?
Once setup, the firewall never seems to redirect traffic dst-port 80
traffic to Squid to handle, but if I directly configure the Squid
proxy settings (localhost:3128) into say Firefox it performs
flawlessly... So, the problem seems to be in the ipfw's forwarding of
any dst-port 80 traffic to squid to handle.
Ideas? Is the problem with Apple's firewall or what?
-Michael
More information about the macports-dev
mailing list