и так я тоже пробывал
правило
${fwcmd} add fwd 127.0.0.1,3128 log tcp from 192.168.1.0/24 to any 80лог
ipfw: 2600 Forward to 127.0.0.1:3128 TCP 192.168.1.200:1092 64.233.167.147:80 in via rl0
ipfw show
02600 10 480 fwd 127.0.0.1,3128 log logamount 20 tcp from 192.168.1.0/24 to any dst-port 80
в сквиде все именно так
httpd_accel_host virtual 80
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
вот весь
# ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny icmp from any to any in icmptypes 5,9,13,14,15,16,17
00500 0 0 deny icmp from any to any frag
00600 0 0 allow icmp from any to any
00700 172 45173 allow tcp from any to any established
00800 4 279 allow ip from 192.168.234.52 to any
00900 3 327 allow ip from 192.168.1.1 to any
01000 0 0 allow tcp from any to 192.168.234.52 dst-port 53 setup
01100 0 0 allow udp from any to 192.168.234.52 dst-port 53
01200 0 0 allow udp from 192.168.234.52 53 to any
01300 0 0 allow tcp from any to 192.168.1.1 dst-port 53 setup
01400 3 179 allow udp from any to 192.168.1.1 dst-port 53
01500 0 0 allow udp from 192.168.1.1 53 to any
01600 0 0 allow udp from any to any dst-port 137
01700 2 458 allow udp from any to any dst-port 138
01800 0 0 allow tcp from any to 192.168.234.52 dst-port 22 setup
01900 0 0 allow tcp from any to 192.168.234.52 dst-port 80 setup
02000 0 0 allow tcp from 192.168.234.0/24 to 192.168.234.52 dst-port 3128 setup
02100 0 0 allow tcp from 192.168.1.0/24 to 192.168.1.1 dst-port 3128 setup
02200 0 0 allow ip from any to 192.168.234.52 dst-port 1025-49151 keep-state
02300 4 389 allow ip from any to 192.168.234.52 dst-port 49152-65535 keep-state
02400 0 0 allow ip from any to 192.168.1.1 dst-port 1025-49151 keep-state
02500 0 0 allow ip from any to 192.168.1.1 dst-port 49152-65535 keep-state
02600 3 144 fwd 127.0.0.1,3128 log logamount 20 tcp from 192.168.1.0/24 to any dst-port 80
65534 0 0 deny log logamount 20 ip from any to any
65535 0 0 deny ip from any to any
я пробывал и с натом и без него, один хрен. В логи сквида просто ничего непоявляется, какбудто пакеты уходят в некуда