squid3 and ipfw_transparent macport broke as of Lion?

Daniel J. Luke dluke at geeklair.net
Tue Dec 6 08:20:49 PST 2011


On Dec 6, 2011, at 11:19 AM, Daniel J. Luke wrote:
> On Dec 6, 2011, at 10:05 AM, Michael wrote:
>> And I've tried the following to configure the firewall via the rule:
>> 
>> sudo ipfw add 1013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
>> 
>> I verified the rule was set via
>> 
>> sudo ipfw list
>> 
>> and it returns:
>> 
>> $ sudo ipfw list
>> 01013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
>> 65535 allow ip from any to any
> 
> is your Mac OS X box routing for all of the (virtual) machines?
> 
>> and I also restarted the firewall just in case w/ each rule change. No dice.
>> 
>> I've also configured the kernel as per 'Step 2: Configure Mac OS X
>> kernel' as described originally at:
>> 
>> http://discussions.apple.com/thread.jspa?threadID=2308812&tstart=0
> 
> you mean you set
> 
> net.inet.ip.scopedroute = 0 ?
> 
>> Once set up, the firewall never seems to redirect dst-port 80
>> traffic to Squid to handle, but if I directly configure the Squid
>> proxy settings (localhost:3128) into say Firefox it performs
>> flawlessly... So, the problem seems to be in the ipfw's forwarding of
>> any dst-port 80 traffic to squid to handle.
> 
> What troubleshooting have you done? Have you used tcpdump (or another tool) to see what packets your machine is seeing?


Also ... this is probably not an issue with the squid3 port - so you might have better luck asking on a squid-specific mailing list (or forum).

--
Daniel J. Luke                                                                   
+========================================================+                        
| *---------------- dluke at geeklair.net ----------------* |                          
| *-------------- http://www.geeklair.net -------------* |                          
+========================================================+                        
|   Opinions expressed are mine and do not necessarily   |                          
|          reflect the opinions of my employer.          |                          
+========================================================+
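
One way to start on the troubleshooting question above, as an added example that is not part of the original message: `ipfw show` prints per-rule packet and byte counters, so the counter on rule 1013 tells you whether any packet ever matched the `fwd` rule. The function names `fwd_rule_hits` and `check_redirect` and the sample counter output are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `ipfw show` counters whether the fwd rule is hit.
# `ipfw show` columns: rule number, packet count, byte count, rule body.

# Constructed sample output (not captured from the poster's machine).
SAMPLE_IDLE='01013    0      0 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
65535 4821 612044 allow ip from any to any'
SAMPLE_BUSY='01013   37   2220 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
65535 4821 612044 allow ip from any to any'

# fwd_rule_hits RULENUM  (reads `ipfw show` output on stdin)
# Prints the rule's packet counter.
# Exit status: 0 = matched packets, 1 = counter is zero, 2 = no such fwd rule.
fwd_rule_hits() {
    awk -v want="$1" '
        ($1 + 0) == (want + 0) && $4 == "fwd" {
            print $2; found = 1; hit = ($2 > 0); exit
        }
        END { if (!found) exit 2; exit (hit ? 0 : 1) }
    '
}

# check_redirect RULENUM  (reads `ipfw show` output on stdin)
check_redirect() {
    count=$(fwd_rule_hits "$1") && rc=0 || rc=$?
    case $rc in
        0) echo "rule $1: $count packets matched, traffic reaches the fwd rule" ;;
        1) echo "rule $1: 0 packets matched, nothing has hit this rule yet" ;;
        *) echo "rule $1: no fwd rule with that number is loaded" ;;
    esac
    return "$rc"
}

# Demo on the constructed samples; on a live host use:
#   sudo ipfw show | check_redirect 1013
printf '%s\n' "$SAMPLE_IDLE" | check_redirect 1013 || true
printf '%s\n' "$SAMPLE_BUSY" | check_redirect 1013 || true
```

Run the live form once before and once after generating port-80 traffic from a client; a counter that stays at zero means the packets never matched the rule, which is where a `tcpdump` capture on `en0` becomes the next step.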





More information about the macports-dev mailing list