If you understand the title, you truly are a geek... just like me. Since I am an uber geekster of the computer variety, I like to set up firewalls, operating systems, and other related nerdly stuff. So I thought I'd post my process for setting up a Squid proxy server and a Packet Filter (PF) firewall, using MPD for the PPPoE (mine is really PPPoA) connection through Qwest's Actiontec modem, on a FreeBSD (Unix) boxen. Since there is no definitive or recent guide on how to do this, I thought I'd write up my findings.

Well, how do I begin? This is nowhere near complete, just a mere guideline. I wish I had documented everything step by step, but it was/is an ongoing process.

So, install FreeBSD on an old computer. Just the minimal install, so it can connect to the net. You can find out how to install FreeBSD somewhere else. It's the easiest OS I've ever installed (the base system, anyway). Then it has also been the hardest with configuration, firewalls, other stuff, and junk.

Once connected, update your system, ports, etc. while behind an existing firewall of some sort. Then:

    pkg_add -r mpd
    pkg_add -r squid

For the mpd and pf configuration I followed a lot of this tutorial: http://ezine.daemonnews.org/200406/mpd.html

Mind you, Qwest is my ISP, but the name really doesn't matter.
Instead of tonlinedsl, you could call it qwestdsl or the like.

Here is my mpd.conf file:

    default:
        load tonlinedsl

    tonlinedsl:
        new -i ng0 tonlinedsl PPPoE
        set iface addrs x.x.x.x.
        set iface route default
        set iface disable on-demand
        set iface idle 0
        set bundle disable multilink
        set bundle authname [email protected]
        set link no acfcomp protocomp
        set link disable pap chap
        set link accept chap
        set link mtu 1492
        set link keep-alive 10 60
        set ipcp yes vjcomp
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        set iface up-script /usr/local/etc/mpd/mpd_dsl.linkup
        open iface

Here is my pf.conf file:

    #Macros
    ext_if="ng0"
    int_if="xl0"
    priv_nets="{x.x.x.x/24}"
    tcp_services="{53,113,3128}"
    icmp_types="echoreq"

    # hosts that can use this system as a gateway
    table const {x.x.x.x/24}

    #options
    set block-policy return
    set loginterface $ext_if
    set skip on {lo0,$int_if}

    # Clean up fragmented and abnormal packets, defeat NAT detection too
    # max-mss is needed due to MPD's poor MSS handling
    scrub in all
    scrub out all random-id max-mss 1440

    # NAT section/Redirect
    nat on $ext_if from $int_if:network to any -> ($ext_if)
    rdr on $int_if proto tcp from any to ! ($int_if) port 21 -> 127.0.0.1 port 8021

    #filter rules
    block log all
    block drop in quick on $ext_if from $priv_nets to any
    block drop out quick on $ext_if from $ext_if to $priv_nets
    pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
    pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state
    pass in inet proto icmp all icmp-type $icmp_types keep state
    pass in on $int_if from $int_if:network to any keep state
    pass out on $int_if from any to $int_if:network keep state

    #Other
    pass out on $ext_if proto tcp all modulate state flags S/SA
    pass out on $ext_if proto {udp,icmp} all keep state

Then I set up squid pretty much verbatim (other than the cache location and the locally definable settings) using this guide: http://www.bsdguides.org/guides/freebsd/networking/squid.php

I won't post my squid.conf file since I just edited the original.
You may want to just make yours like the guide above.

On the Qwest modem, I changed it to "transparent bridge," turned off the DHCP server, and tried to turn off NAT, but it wouldn't let me. I may need to mess with it some more.

Here is my rc.conf file:

    # Enable network daemons for user convenience.
    # Please make all changes to this file, not to /etc/defaults/rc.conf.
    # This file now contains just the overrides from /etc/defaults/rc.conf.
    hostname="xxxx.xxxx.com"
    sshd_enable="YES"
    usbd_enable="YES"
    mpd_enable="YES"
    natd_enable="YES" #I don't really know if this is necessary
    natd_interface="fxp0" #or this
    #PF estuff
    pf_enable="YES"
    pf_flags="-d"
    pflog_enable="YES"
    pflog_logfile="/var/log/pflog"
    pflog_flags=""
    gateway_enable="YES"
    # -- sysinstall generated deltas -- # Thu Jan 18 20:32:48 2007
    ifconfig_xl0="inet x.x.x.x netmask x.x.x.x"
    squid_enable="YES"

I have pf reloaded in a script because of what the mpd/pf guide said.

Now I just need to modify my pf.conf to route every http(s) request over the squid proxy. The proxy works; it just also allows the LAN to get out directly. I also need to figure out how to get ftp to work with the proxy and/or PF.

One of the hardest things for my mind to grasp was: what is your external interface? It seems to be ng0, which is the interface that mpd creates. But the physical card is fxp0.

After much tinkering and messing around, I got this to work for me. Some people may ask why? I say... mmmmmmmmmmmmBecauseIcanmmmmmmmm. And next to set up is perhaps squidGuard to block the nasty sites from the kid.

If you have any suggestions, enhancements, or requests, please post here!

Update: I got squidGuard working on the system! The main thing I learned is to change ownership and group on everything to squid:squid!
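The transparent redirect the post says is still to do, as an added pf.conf fragment that is not the author's file; it reuses the macros from the pf.conf above and assumes Squid listens on TCP 3128 on this box. It also undoes two things in the existing file that work against a proxy-only LAN: passing 3128 in on ng0, and skipping xl0 entirely in set skip, which keeps any rdr on $int_if from ever matching.

```pf
# Added example, not the author's pf.conf. It reuses the macros from the
# file above (ext_if="ng0", int_if="xl0") and assumes Squid listens on
# TCP 3128 on this box.

# Before (lines from the file above). Two problems:
#  1. 3128 is passed in on ng0, so Squid is reachable from the Internet and
#     only its own http_access ACLs keep it from being an open proxy.
#  2. "set skip on ... $int_if" means pf does not process xl0 traffic at
#     all (pf.conf(5): "as if pf was disabled"), so no rdr on $int_if can
#     ever match, the existing port 21 ftp-proxy redirect included. That is
#     likely why ftp through the proxy has not worked yet.
#
#   tcp_services="{53,113,3128}"
#   set skip on {lo0,$int_if}
#   pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state

# After: Squid's port is no longer in the set passed in from the WAN ...
tcp_services="{53,113}"
squid_port="3128"

# ... pf now sees the LAN interface (only loopback is skipped) ...
set skip on lo0

# ... and LAN web traffic to port 80 is redirected to Squid on the loopback
# address, the same pattern the file already uses for ftp-proxy on 8021.
# Translation happens before filtering, so the existing
#   pass in on $int_if from $int_if:network to any keep state
# admits the redirected connection; no additional pass rule is needed.
rdr on $int_if inet proto tcp from $int_if:network to any port 80 -> 127.0.0.1 port $squid_port

# Squid must be told that this port receives intercepted connections
# (http_port 3128 transparent in Squid 2.6; the keyword differs between
# Squid versions). HTTPS cannot be redirected this way, because a plain
# rdr would hand Squid a TLS stream it cannot read; clients that should
# use the proxy for https have to be pointed at port 3128 explicitly.
```

Load it with pfctl -f /etc/pf.conf (the post already reloads pf from the mpd link-up script) and confirm the redirect is active with pfctl -sn.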