Joao Carlos Mendes Luis wrote:
> > ipfw add allow ip from any to any out
the problem is the line above.
> > ipfw add fwd localhost,3128 log tcp from any to any 3128 in
the above should be 'out'.. FWD is not symmetrical..
you can only fwd locally on 'in' and fwd remotely on 'out'. It says this in the
man page but it's a bit hard to read. I should fix it..
>
> Do not change the port in the first machine. Maybe even better, do not
> change the port at all, and let squid listen on port 80 also!
you need to have a rule on the squid machine too,
so you might as well set it to 3128 so that people can use it directly as well
not only as a transparent proxy..
>
> >
> > = otherwise it will reflect the packet back at it's original destination
> > = as it still has headers saying it wants to go there. (It's unaltered).
> >
> > The firewall machine logs
> >
> > ipfw: 3000 Forward to squid.ip:3128 TCP client.ip:3977 web.server.ip:80 in via dc0
> >
> > But the client still talks to the web-server directly :( The squid's log
> > is quiet... Anything I'm missing? Perhaps, I need a user-space program
> > of some sort to run on the firewall to do the tunneling? Thanks!
>
> IIRC, ipfw fwd to another machine does not change tcp port number, that's why
> I suggested the above.
yes the port to use is specified in the rule on the ipfw on the squid machine.
(it needs one too because it needs to capture a packet that is destined
some completely different place.)
>
> Jonny
>
> --
> João Carlos Mendes Luís [EMAIL PROTECTED]
> Networking Engineer [EMAIL PROTECTED]
> Internet via Embratel [EMAIL PROTECTED]
--
__--_|\ Julian Elischer
/ \ [EMAIL PROTECTED]
( OZ ) World tour 2000-2001
---> X_.---._/
v
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
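As an added example, not code from the thread or from either poster, the following POSIX sh script emits the two rule sets the replies above converge on (a remote fwd on an 'out' rule on the firewall, a local fwd on an 'in' rule on the squid box, catch-all allow after the fwd rule) and lints each set for the fwd asymmetry Julian describes. The address 192.0.2.10, the rule numbers and the `not ${SQUID_IP}` exclusion on the firewall rule are assumptions; the port 3128 and interface name come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): emit the ipfw rule sets for the
# two-machine transparent-proxy setup discussed above and lint each set for
# the fwd asymmetry: local target => 'in' rule, remote target => 'out' rule.
# SQUID_IP, SQUID_PORT and the rule numbers are assumed placeholders.

SQUID_IP="${SQUID_IP:-192.0.2.10}"     # assumed address of the squid box
SQUID_PORT="${SQUID_PORT:-3128}"       # squid's listening port (3128 per the thread)

# Firewall (router) machine: steer client web traffic to the *remote* squid
# host, which needs an 'out' rule. The port in a remote fwd target is not
# rewritten (per the thread), so the packet still reaches the squid box
# addressed to web.server:80. The catch-all allow comes AFTER the fwd rule;
# putting it first is what let packets bypass the proxy in the thread.
# Traffic from the squid box itself is excluded (assumed) so squid's own
# fetches are not forwarded straight back to it.
firewall_rules() {
    cat <<EOF
ipfw add 3000 fwd ${SQUID_IP},${SQUID_PORT} log tcp from not ${SQUID_IP} to any 80 out
ipfw add 3100 allow ip from any to any
EOF
}

# Squid machine: the packet is still addressed to the original web server, so
# a *local* fwd on an 'in' rule is needed to capture it and hand it to the
# local squid port; this rule is where the port actually gets set.
squid_rules() {
    cat <<EOF
ipfw add 3000 fwd 127.0.0.1,${SQUID_PORT} log tcp from any to any 80 in
ipfw add 3100 allow ip from any to any
EOF
}

# Read rules on stdin; for every fwd rule check the direction keyword matches
# the target: 127.0.0.1/localhost must be 'in', anything else must be 'out'.
# Returns 0 when all fwd rules are consistent, 1 on the first mismatch.
check_fwd_direction() {
    while read -r rule; do
        case " $rule " in
            *" fwd "*) ;;
            *) continue ;;          # not a fwd rule, nothing to check
        esac
        target=$(printf '%s\n' "$rule" | sed -n 's/.* fwd \([^ ]*\).*/\1/p')
        case "$target" in
            127.0.0.1|127.0.0.1,*|localhost|localhost,*) want=in;  wrong=out ;;
            *)                                           want=out; wrong=in ;;
        esac
        case " $rule " in
            *" $want "*) ;;
            *) printf 'fwd to %s needs "%s": %s\n' "$target" "$want" "$rule" >&2; return 1 ;;
        esac
        case " $rule " in
            *" $wrong "*) printf 'fwd to %s must not be "%s": %s\n' "$target" "$wrong" "$rule" >&2; return 1 ;;
        esac
    done
    return 0
}

# Stand-alone run: lint both rule sets, then print the ones that pass.
for machine in firewall squid; do
    if "${machine}_rules" | check_fwd_direction; then
        echo "# $machine rules OK"; "${machine}_rules"
    else
        echo "# $machine rules have a fwd direction error" >&2
    fi
done
```

The checker encodes exactly the rule stated in the reply: it rejects the shape the firewall actually logged in the thread (a forward to squid.ip:3128 on an `in` rule) as well as a localhost forward on an `out` rule, and ignores non-fwd rules.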