Fwd: squid3 and ipfw_transparent macport broke as of Lion?

Michael macosforge.org at nemonik.com
Tue Dec 6 15:10:29 PST 2011

On Tue, Dec 6, 2011 at 11:19 AM, Daniel J. Luke <dluke at geeklair.net> wrote:
> On Dec 6, 2011, at 10:05 AM, Michael wrote:
>> And I've tried the following to configure the firewall via the rule:
>> sudo ipfw add 1013 fwd,3128 tcp from any to any dst-port 80 recv en0
>> I verified the rule was set via
>> sudo ipfw list
>> and it returns:
>> $ sudo ipfw list
>> 01013 fwd,3128 tcp from any to any dst-port 80 recv en0
>> 65535 allow ip from any to any
> is your Mac OS X box routing for all of the (virtual) machines?


>> and I also restarted the firewall just in case w/ each rule change. No dice.
>> I've also configured the kernel as per Step 2: Configure Mac OS X
>> kernel' as described originally at:
>> http://discussions.apple.com/thread.jspa?threadID=2308812&tstart=0
> you mean you set
> net.inet.ip.scopedroute = 0 ?


>> Once setup, the firewall never seems to redirect traffic dst-port 80
>> traffic to Squid to handle, but if I directly configure the Squid
>> proxy settings (localhost:3128) into say Firefox it performs
>> flawlessly... So, the problem seems to be in the ipfw's forwarding of
>> any dst-port 80 traffic to squid to handle.
> What troubleshooting have you done? Have you used tcpdump (or another tool) to see what packets your machine is seeing?

Ah, snap, the last line of

"Try to access some Internet web-sites from your client computers and
check squid's access.log file for HITS/MISS." should have clued me in on
the fact that I should have been running my Mac as a gateway.  This
might seem obvious now, but the original article doesn't blatantly
call this out... My bust.

I'll have to keep digging for a way to cache dst port 80 requests...

Thanks for your help.
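As an added example (not code from this thread, from Squid or from the ipfw project), here is a small sanity-check script for the setup under discussion: an ipfw fwd rule redirecting TCP dst-port 80 into a local Squid. It assumes the values quoted above (rule 1013, Squid on 127.0.0.1:3128, LAN interface en0) and the sysctl names the thread mentions, plus net.inet.ip.forwarding, the knob that decides whether the Mac routes for other hosts at all. The functions take captured command output as arguments so the checks can be exercised offline; the live section at the bottom only runs where ipfw and sysctl exist.

```shell
#!/bin/sh
# Sanity check for a transparent ipfw -> Squid setup on Mac OS X.
# Added example; assumes the thread's values (rule 1013, Squid on
# 127.0.0.1:3128, LAN interface en0).

PROXY_PORT=3128
DST_PORT=80
LAN_IF=en0

# has_fwd_rule "<ipfw list output>": true if some rule forwards TCP
# dst-port 80 to the proxy port.  Accepts both the "fwd,3128" form
# shown in the thread and the "fwd 127.0.0.1,3128" form from ipfw(8).
has_fwd_rule() {
    printf '%s\n' "$1" |
        grep -Eq "^[0-9]+ fwd ?[0-9.]*,${PROXY_PORT} tcp from any to any dst-port ${DST_PORT}( |\$)"
}

# fwd_rule_is_recv_only "<ipfw list output>": true if the fwd rule carries
# "recv en0".  Such a rule matches only packets *received* on en0 from other
# hosts; packets generated by this Mac's own browser never match it.
fwd_rule_is_recv_only() {
    printf '%s\n' "$1" |
        grep -E "fwd ?[0-9.]*,${PROXY_PORT} " |
        grep -q "recv ${LAN_IF}"
}

# squid_hit_miss "<access.log lines>": prints "hits=N misses=M" for Squid's
# native log format, where field 4 is the result code (e.g. TCP_MISS/200).
squid_hit_miss() {
    printf '%s\n' "$1" | awk '
        { split($4, c, "/") }
        c[1] ~ /HIT$/       { hit++ }
        c[1] == "TCP_MISS"  { miss++ }
        END { printf "hits=%d misses=%d\n", hit, miss }'
}

# diagnose "<ipfw list output>" <net.inet.ip.forwarding> <net.inet.ip.scopedroute>
# Prints one line per finding ("problem:" or "note:"), then "ok" if nothing
# blocks the redirect.  Returns 1 if any "problem:" was found, else 0.
diagnose() {
    rules=$1; forwarding=$2; scopedroute=$3; bad=0
    if ! has_fwd_rule "$rules"; then
        echo "problem: no rule forwards tcp dst-port ${DST_PORT} to port ${PROXY_PORT}"
        bad=1
    elif fwd_rule_is_recv_only "$rules"; then
        echo "note: fwd rule has 'recv ${LAN_IF}': only packets arriving on ${LAN_IF} from other hosts match; requests from this Mac's own browser are never redirected, so test from a client"
    fi
    if [ "$forwarding" != 1 ]; then
        echo "problem: net.inet.ip.forwarding=${forwarding}; the Mac is not routing, so it is not a gateway for the clients and their packets never reach the rule"
        bad=1
    fi
    if [ "$scopedroute" != 0 ]; then
        echo "problem: net.inet.ip.scopedroute=${scopedroute}; the Apple-forum 'Configure Mac OS X kernel' step sets it to 0"
        bad=1
    fi
    if [ "$bad" -eq 0 ]; then
        echo ok
    fi
    return "$bad"
}

# Live run on the Mac itself (needs root for ipfw list); skipped elsewhere.
if command -v ipfw >/dev/null 2>&1 && command -v sysctl >/dev/null 2>&1; then
    diagnose "$(ipfw list)" \
             "$(sysctl -n net.inet.ip.forwarding)" \
             "$(sysctl -n net.inet.ip.scopedroute)"
fi
```

Run it as root on the gateway. Two things it cannot see from the Mac: each client (or VM) must actually use the Mac as its default route, and, as suggested above, `tcpdump -i en0 port 80` is the quickest way to confirm client packets are arriving on en0 at all before blaming the fwd rule.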


