squid3 and ipfw_transparent macport broke as of Lion?

Michael macosforge.org at nemonik.com
Tue Dec 6 07:00:10 PST 2011


Should x-post this to the dev-list?  I suppose so.

-Michael

On Mon, Dec 5, 2011 at 10:35 AM, Michael <macosforge.org at nemonik.com> wrote:
> I'm stuck getting the Squid3 w/ ipfw_transparent port to work as per
> https://trac.macports.org/wiki/howto/SetupInterceptionSquid and I have
> concerns Lion may have broken the current squid3 w/ ipfw_transparent
> macport.
>
> I need an intercepting proxy on my dev box as I have a problem especially
> aggravated by DevOps programming: I'm spending a great deal of time
> building out virtualized environments with the Vagrant tool;
> specifically, in authoring base box definition postinstall shell
> scripts. These scripts pull down countless yum packages in order to
> build up the base image that I then later further provision with
> either Puppet or Chef integration frameworks via scripts written in
> Ruby. When things are dorked up like an apparent dependency problem in
> the repo, I'm spending a great deal of time in debugging issues
> especially when throttled behind a T1 connection, resulting in
> mind-numbing time spent mostly twiddling my thumbs as I sit through
> repeated pulls of dependencies to get to where the problem occurs.
>
> The intercept config example for FreeBsdIpfw at wiki.squid-cache.org
> led me to a few corrections, but largely the macports wiki article
> appears correct:
>
> The article in Step 3: Configure Mac OS X firewall fails to obviously
> mention you need to Start Lion's Firewall through the System Panel ->
> Security & Privacy -> Firewall tab.
>
> And I've tried the following to configure the firewall via the rule:
>
> sudo ipfw add 1013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
>
> I verified the rule was set via
>
> sudo ipfw list
>
> and it returns:
>
> $ sudo ipfw list
> 01013 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 recv en0
> 65535 allow ip from any to any
>
> and I also restarted the firewall just in case w/ each rule change. No dice.
>
> I've also configured the kernel as per 'Step 2: Configure Mac OS X
> kernel' as described originally at:
>
> http://discussions.apple.com/thread.jspa?threadID=2308812&tstart=0
>
> Maybe this portion changed w/ Lion?
>
> Once set up, the firewall never seems to redirect dst-port 80
> traffic to Squid to handle, but if I directly configure the Squid
> proxy settings (localhost:3128) into say Firefox it performs
> flawlessly... So, the problem seems to be in the ipfw's forwarding of
> any dst-port 80 traffic to squid to handle.
>
> Ideas? Is the problem with Apple's firewall or what?
>
> -Michael

