On 9/8/10 4:35 PM, Tony wrote:
I only use one ruleset at a time ..just trying different ones to see
if one or the other works. en1 is my private lan ..(wireless interface)

either case, it doesn't work ..btw, I'm using snow leopard ..

um you forgot to mention that one little fact!

Being a FreeBSD mailing list, I assumed you were using FreeBSD!

I have no idea if the Apple folks implemented the changes in the IP stack needed to do the forwarding to localhost.
I suspect not.. you may need to look at the Darwin sources to find out.

anyone here try using natd for redirection ..that may work i guess

On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer <jul...@elischer.org> wrote:

    On 9/8/10 2:46 PM, Tony wrote:

        I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
        (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
        redirect port 80 to Dansguardian's port 8888 using the rulesets below.
        Is this possible? I read that ipfw does not allow forwarding from the
        same machine. Is this true? I have tried both these rulesets
        separately and am not getting any hits when I do ipfw show. Something
        wrong with my rules?


    there was a small window around 6.x (I think) where you needed a
    special option to fwd to oneself in ipfw. It was removed quickly
    as it made forwarding useless in general.



        Ruleset #1

        ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1


    looks vaguely right but I haven't done it in a while.



        ipfw add allow tcp from me to any 80 out xmit en1
        ipfw add allow tcp from any 80 to me in recv en1


        Ruleset#2

        ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1


    make up your mind.. is that machine out via en1 or somewhere else?


        ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
        ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established


    can you draw a diagram?

    are these two rulesets supposed to coexist on the same
    machine?

        _______________________________________________
        freebsd-ipfw@freebsd.org mailing list
        http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
        To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"



