I have a dual-homed freebsd box running squid. The outside interface is connected to a switch that has the outside interface of the MS proxy connected to it and the inside interface of the PIX.
I can access the web just fine going through the MS Proxy, but from the FreeBSD box, I can only go to FTP sites, and do DNS lookups - http does not work, not even from the box itself. I can see requests going out, but no response.
14:18:52.720725 aedxbweb01.1188 > ld.cb.msn.com.http: S 3082282937:3082282937(0) win 57344 (DF)
14:18:55.920770 aedxbweb01.1188 > ld.cb.msn.com.http: S 3082282937:3082282937(0) win 57344 (DF)
14:18:59.120827 aedxbweb01.1188 > ld.cb.msn.com.http: S 3082282937:3082282937(0) win 57344 (DF)
So as you can you see, "domain" (port 53) traffic is working just fine, as does FTP and SMTP, when I try to telnet to those ports on machines sitting on the internet. HTTP does not work, the requests go unanswered.
Squid works when I try to go to FTP sites from the clients, so I don't think it is the FreeBSD box. Somethings happening on the PIX thats not letting it return HTTP addresses.
I have nat (inside) 1 0 0 and global (outside) 1 interface on the PIX for natting. Its currently PATting two addresses, one for the MS Proxy outside interface and one for the FreeBSD outside interface. MS Proxy works just fine though.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...