You can forward packets directly to squid by:

ipfw add fwd 127.0.0.1,3333 tcp from not me to any dst-port 80

Ozkan KIRIK
Mersin University @ Turkey

On Thu, Sep 9, 2010 at 6:22 AM, Julian Elischer <jul...@elischer.org> wrote:
> On 9/8/10 4:44 PM, Tony wrote:
>>
>> my setup looks like this
>>
>> PC1 -> browser -> firewall(redirects port 80 to 8888) -> dansguardian(127.0.0.1:8888) -> squid(127.0.0.1:3333) -> internet
>>
>> keep in mind that everything you see above is all on the same PC1
>>
>
> you may need to use divert and natd to achieve the effect you require.
>
>>
>> On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer <jul...@elischer.org> wrote:
>>
>>> On 9/8/10 2:46 PM, Tony wrote:
>>>
>>>> I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
>>>> (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
>>>> redirect port 80 to Dansguardian's port 8888 using the rulesets below.
>>>> Is this possible? I read that ipfw does not allow forwarding from the
>>>> same machine. Is this true? I have tried both of these rulesets
>>>> separately and am not getting any hits when I do ipfw show. Something
>>>> wrong with my rules?
>>>>
>>>
>>> there was a small window around 6.x (I think) where you needed a
>>> special option to fwd to oneself in ipfw. It was removed quickly as it
>>> made forwarding useless in general.
>>>
>>>> Ruleset #1
>>>>
>>>> ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1
>>>>
>>>
>>> looks vaguely right but I haven't done it in a while.
>>>
>>>> ipfw add allow tcp from me to any 80 out xmit en1
>>>>
>>>> ipfw add allow tcp from any 80 to me in recv en1
>>>>
>>>>
>>>> Ruleset #2
>>>>
>>>> ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1
>>>>
>>>
>>> make up your mind.. is that machine out via en1 or somewhere else?
>>>
>>>> ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
>>>>
>>>> ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established
>>>>
>>>
>>> can you draw a diagram?
>>>
>>> are these two rulesets supposed to coexist on the same machine?
>>>
>>>> _______________________________________________
>>>> freebsd-ipfw@freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>>>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
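
As an added example (not part of the thread and not ipfw's own code), this simplified first-match model replays the quoted rules against two constructed packets to show which rule each packet reaches first; traffic that never reaches a fwd rule also never reaches the filter behind it. It assumes 192.168.0.154 is the host's own address, that rules are evaluated in the order they were added with nothing before them, and it parses only the syntax used above; first_match, LOCAL_OUT and LAN_IN are hypothetical names.

```python
# Added example: simplified first-match model, not a full ipfw implementation.
ME = {"127.0.0.1", "192.168.0.154"}  # assumption: the host's own addresses

def parse(rule):
    """Parse only the ipfw syntax that appears in the thread."""
    t = rule.split()
    t = t[t.index("add") + 1:]
    src, rest = t[t.index("from") + 1:t.index("to")], t[t.index("to") + 1:]
    r = {"action": t[0], "neg": src[0] == "not", "dst": rest[0], "dport": None,
         "dir": None, "iface": None, "established": "established" in rest}
    src = src[1:] if r["neg"] else src
    r["src"], r["sport"] = src[0], (int(src[1]) if len(src) > 1 else None)
    for prev, o in zip(rest, rest[1:]):
        if o.isdigit():              # "any 80" and "dst-port 80" both land here
            r["dport"] = int(o)
        elif o in ("in", "out"):
            r["dir"] = o
        elif prev in ("recv", "xmit"):
            r["iface"] = (prev, o)
    return r

def addr_ok(spec, addr):
    return spec == "any" or (spec == "me" and addr in ME) or spec == addr

def matches(r, p):
    return (addr_ok(r["src"], p["src"]) != r["neg"]
            and addr_ok(r["dst"], p["dst"])
            and r["sport"] in (None, p["sport"]) and r["dport"] in (None, p["dport"])
            and r["dir"] in (None, p["dir"])
            and (r["iface"] is None or p.get(r["iface"][0]) == r["iface"][1])
            and (p["established"] or not r["established"]))

def first_match(ruleset, pkt):
    """Return (1-based rule position, action) of the first matching rule."""
    for n, rule in enumerate(ruleset, 1):
        r = parse(rule)
        if matches(r, pkt):
            return n, r["action"]
    return None, "no match"

RULESET_1 = ["ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1",
             "ipfw add allow tcp from me to any 80 out xmit en1",
             "ipfw add allow tcp from any 80 to me in recv en1"]
RULESET_2 = ["ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1",
             "ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80",
             "ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established"]
REPLY_RULE = ["ipfw add fwd 127.0.0.1,3333 tcp from not me to any dst-port 80"]
# Constructed packets: a browser on the host itself, and a client elsewhere on the LAN.
LOCAL_OUT = {"dir": "out", "recv": None, "xmit": "en1", "src": "192.168.0.154",
             "dst": "203.0.113.10", "sport": 50000, "dport": 80, "established": False}
LAN_IN = {**LOCAL_OUT, "dir": "in", "recv": "en1", "xmit": None, "src": "192.168.0.20"}
```

Under these assumptions the locally generated request is accepted by an allow rule in both rulesets without hitting the fwd rule, and the rule in the reply matches only the packet from the other host.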