Fwd: squid3 and ipfw_transparent macport broke as of Lion?

Michael macosforge.org at nemonik.com
Tue Dec 6 15:10:29 PST 2011


On Tue, Dec 6, 2011 at 11:19 AM, Daniel J. Luke <dluke at geeklair.net> wrote:
> On Dec 6, 2011, at 10:05 AM, Michael wrote:
>> And I've tried the following to configure the firewall via the rule:
>>
>> sudo ipfw add 1013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
>>
>> I verified the rule was set via
>>
>> sudo ipfw list
>>
>> and it returns:
>>
>> $ sudo ipfw list
>> 01013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
>> 65535 allow ip from any to any
>
> is your Mac OS X box routing for all of the (virtual) machines?

Yes.

>> and I also restarted the firewall just in case w/ each rule change. No dice.
>>
>> I've also configured the kernel as per 'Step 2: Configure Mac OS X
>> kernel' as described originally at:
>>
>> http://discussions.apple.com/thread.jspa?threadID=2308812&tstart=0
>
> you mean you set
>
> net.inet.ip.scopedroute = 0 ?

Yes.

>> Once set up, the firewall never seems to redirect dst-port 80
>> traffic to Squid to handle, but if I directly configure the Squid
>> proxy settings (localhost:3128) into say Firefox it performs
>> flawlessly... So, the problem seems to be in the ipfw's forwarding of
>> any dst-port 80 traffic to squid to handle.
>
>
> What troubleshooting have you done? Have you used tcpdump (or another tool) to see what packets your machine is seeing?

Ah, snap, the last line of

https://trac.macports.org/wiki/howto/SetupInterceptionSquid

"Try to access some Internet web-sites from your client computers and
check squid's access.log file for HITS/MISS." should have clued me in on
the fact that I should have been running my Mac as a gateway.  This
might seem obvious now, but the original article doesn't blatantly
call this out... My bust.

I'll have to keep digging for a way to cache dst port 80 requests...

Thanks for your help.

-Michael
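
Added example, not part of the original message or of the MacPorts howto: a shell check of the prerequisites this thread walks through (the fwd rule, net.inet.ip.scopedroute = 0, and the Mac acting as a gateway). It runs on the `ipfw list` output quoted above as constructed sample input; the function names and the use of net.inet.ip.forwarding as the gateway indicator are assumptions of the example.

```shell
#!/bin/sh
# Added example: prerequisite check for the ipfw -> Squid interception setup.
# Sample input constructed from the `ipfw list` output quoted in this thread.
SAMPLE_RULES='01013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
65535 allow ip from any to any'

# fwd_rule_field RULES FIELD
# Prints one field of the first fwd rule in an `ipfw list` dump:
#   target (addr,port), port (dst-port value) or iface (recv interface).
# Prints nothing when there is no fwd rule or the field is absent.
fwd_rule_field() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $2 == "fwd" {
            if (want == "target") { print $3; exit }
            for (i = 4; i < NF; i++) {
                if (want == "port"  && $i == "dst-port") { print $(i + 1); exit }
                if (want == "iface" && $i == "recv")     { print $(i + 1); exit }
            }
            exit
        }'
}

# check_intercept RULES SCOPEDROUTE FORWARDING
# RULES is `ipfw list` output; the other two are sysctl values.
# Prints one finding per line, or "OK" when nothing is wrong.
check_intercept() {
    out=$(
        [ -n "$(fwd_rule_field "$1" target)" ] || echo "FAIL: no fwd rule loaded"
        [ "$2" = 0 ] || echo "FAIL: net.inet.ip.scopedroute is $2, thread sets it to 0"
        # Assumption: a gateway needs IP forwarding enabled.
        [ "$3" = 1 ] || echo "FAIL: net.inet.ip.forwarding is $3, host is not routing for clients"
        # `recv IF` matches only packets that arrived on IF; traffic generated
        # on the Mac itself has no receive interface and never hits the rule.
        iface=$(fwd_rule_field "$1" iface)
        [ -z "$iface" ] || echo "NOTE: rule only matches packets received on $iface"
    )
    printf '%s\n' "${out:-OK}"
}

# Offline demonstration on the constructed sample, with forwarding off.
# On a live host, pass "$(sudo ipfw list)" and the two `sysctl -n` values.
check_intercept "$SAMPLE_RULES" 0 0
```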

