squid3 and ipfw_transparent macport broke as of Lion?

Ryan Schmidt ryandesign at macports.org
Tue Dec 6 23:03:35 PST 2011

On Dec 6, 2011, at 09:00, Michael wrote:

> Should x-post this to the dev-list?  I suppose so.

Probably not, since your question is not about the development of MacPorts or portfiles or how MacPorts' internals works. Posting to the -dev list will probably not increase your audience; I would assume most users who are on the -dev list are also on the -users list.

If you haven't received an answer to your question it's probably because nobody in the MacPorts community knows it. I myself deleted your question without reading most of it because I haven't used any of the software you're talking about. You may have to talk directly to the developers of the software.

> -Michael
> On Mon, Dec 5, 2011 at 10:35 AM, Michael <macosforge.org at nemonik.com> wrote:
>> I'm stuck getting the Squid3 w/ ipdw_transparent port to work as per
>> https://trac.macports.org/wiki/howto/SetupInterceptionSquid and I have
>> concerns Lion may have broken the current squid3 w/ ipfw_transparent
>> macport.
>> I need an intercepting proxy on my dev box as have problem especially
>> aggravated by Dev Ops programming, I'm spending a great deal time
>> building out virtualized environments with the Vagrant tool;
>> specifically, in authoring base box definition postinstall shell
>> scripts. These scripts pull down countless yum packages in order to
>> build up the base image that I then later further provision with
>> either Puppet or Chef integration frameworks via scripts written in
>> Ruby. When things are dorked up like an apparent dependency problem in
>> the repo, I'm spending a great deal of time in debugging issues
>> especially when throttled behind a T1 connection resulting mind
>> numbing time spent in mostly twiddling my thumbs as I sit through
>> repeated pulls of dependencies to get to where the problem occurs.
>> The intercept config example for FreeBsdIpfw at wiki.squid-cache.org
>> led me to a few corrections, but largely the macports wiki article
>> appears correct:
>> The article in Step 3: Configure Mac OS X firewall fails to obviously
>> mention you need to Start Lion's Firewall through the System Panel ->
>> Security & Privacy -> Firewall tab.
>> And I've tried the following to configure the firewall via the rule:
>> sudo ipfw add 1013 fwd,3128 tcp from any to any dst-port 80 recv en0
>> I verified the rule was set via
>> sudo ipfw list
>> and it returns:
>> $ sudo ipfw list
>> 01013 fwd,3128 tcp from any to any dst-port 80 recv en0
>> 65535 allow ip from any to any
>> and I also restarted the firewall just in case w/ each rule change. No dice.
>> I've also configured the kernel as per Step 2: Configure Mac OS X
>> kernel' as described originally at:
>> http://discussions.apple.com/thread.jspa?threadID=2308812&tstart=0
>> Maybe this portion changed w/ Lion?
>> Once setup, the firewall never seems to redirect traffic dst-port 80
>> traffic to Squid to handle, but if I directly configure the Squid
>> proxy settings (localhost:3128) into say Firefox it performs
>> flawlessly... So, the problem seems to be in the ipfw's forwarding of
>> any dst-port 80 traffic to squid to handle.
>> Ideas? Is the problem with Apple's firewall or what?
>> -Michael

More information about the macports-users mailing list