Esperimente usar : /sbin/ipfw add fwd 10.5.0.1,3128 tcp from 10.5.0.0/16 to any dst-port 80
Coloque no lugar de 127.0.0.1,,,,,, o ip do seu gateway interno ----- Original Message ----- From: "Alexandre Andrade" <[EMAIL PROTECTED]> To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" <freebsd@fug.com.br> Sent: Thursday, October 05, 2006 4:59 PM Subject: Re: [FUG-BR] Proxy-Transparente + IPFW > Opa, > > Realmente não tá tão fácil mesmo. hehehe > > Bom eu não se o fato de eu ter apenas uma interface de rede > atrapalharia. Eu faço NAT para alguns IPS aqui da minha própria rede > Interna. > > Mas adicionando a regra desse jeito também não rolou. Pra vc ter uma > idéia nem LOGA nada no SQUID. > > Valeu > > On 10/5/06, Alexandre Maciente <[EMAIL PROTECTED]> wrote: >> Opa! Tá fácil não heim, rs.. >> >> Amigo, tente colocar suas regras de firewall desta forma: >> >> /sbin/ipfw -q -f flush >> /sbin/ipfw add check-state >> /sbin/ipfw add allow all from any to any via lo0 >> /sbin/ipfw add allow log icmp from any to any >> /sbin/ipfw add allow ip from 10.5.0.0/16 to any keep-state >> /sbin/ipfw add allow ip from any to 10.5.0.0/16 keep-state >> /sbin/ipfw add fwd 127.0.0.1,3128 tcp from 10.5.0.0/16 to any dst-port 80 >> /sbin/ipfw add divert natd all from any to any via lnc0 >> /sbin/ipfw add 65000 deny all from any to any >> >> Com o squid está td correto mesmo né? >> >> Boa sorte! >> >> Alexandre Maciente >> >> ----- Original Message ----- >> From: "Alexandre Andrade" <[EMAIL PROTECTED]> >> To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" >> <freebsd@fug.com.br> >> Sent: Thursday, October 05, 2006 4:34 PM >> Subject: Re: [FUG-BR] Proxy-Transparente + IPFW >> >> >> Olá, >> >> Então sem chance cara, fiz o que vc falou e não rolou. Tá assim agora. >> >> /sbin/ipfw -q -f flush >> /sbin/ipfw add 65 fwd 127.0.0.1,3128 tcp from 10.5.0.0/16 to any dst-port >> 80 >> /sbin/ipfw add 80 divert natd all from any to any via lnc0 >> /sbin/ipfw add 90 check-state >> /sbin/ipfw add 95 allow all from any to any via lo0 >> /sbin/ipfw add 100 allow log icmp from any to any >> /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state >> /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state >> /sbin/ipfw add 65000 deny all from any to any >> >> Só pra contar vai o natd.conf também. >> >> interface lnc0 >> dynamic yes >> same_ports yes >> use_sockets yes >> unregistered_only no >> >> >> Valeu >> >> On 10/5/06, Alexandre Maciente <[EMAIL PROTECTED]> wrote: >> > Blz, >> > >> > Vamos lá, tente adicionar a regra desta froma então: >> > >> > ipfw add 65 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any dst-port >> > 80 >> > >> > Supondo que classe de Ips de sua rede seja 192.168.0.0/24 >> > >> > Qualque coisa tamo aí. >> > >> > Alexandre >> > >> > >> > ----- Original Message ----- >> > From: "Alexandre Andrade" <[EMAIL PROTECTED]> >> > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" >> > <freebsd@fug.com.br> >> > Sent: Thursday, October 05, 2006 4:20 PM >> > Subject: Re: [FUG-BR] Proxy-Transparente + IPFW >> > >> > >> > Fala ae, >> > >> > Pior que eu já coloquei: Ficou assim: >> > >> > /sbin/ipfw -q -f flush >> > /sbin/ipfw add 65 fwd 127.0.0.1,3128 tcp from any to any 80 >> > /sbin/ipfw add 80 divert natd all from any to any via lnc0 >> > /sbin/ipfw add 90 check-state >> > /sbin/ipfw add 95 allow all from any to any via lo0 >> > /sbin/ipfw add 100 allow log icmp from any to any >> > /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state >> > /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state >> > /sbin/ipfw add 65000 deny all from any to any >> > >> > Valeu >> > >> > >> > On 10/5/06, Alexandre Maciente <[EMAIL PROTECTED]> wrote: >> > > Olá Alexandre (chará), >> > > >> > > Tente colocar a regra de forward (165) antes da regra de Nat e >> > > (divert >> > > 80). >> > > >> > > Boa sorte! >> > > >> > > Alexandre Maciente >> > > >> > > >> > > ----- Original Message ----- >> > > From: "Alexandre Andrade" <[EMAIL PROTECTED]> >> > > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" >> > > <Freebsd@fug.com.br> >> > > Sent: Thursday, October 05, 2006 3:49 PM >> > > Subject: [FUG-BR] Proxy-Transparente + IPFW >> > > >> > > >> > > Hello pessoal, >> > > >> > > Acho que hoje não acordei muito inspirado e to quebrando a cabeça pra >> > > fazer um Proxy-Transparente funcionar. heheh >> > > >> > > Segue as minhas regras de IPFW, o que será que tá errado. ? >> > > >> > > /sbin/ipfw -q -f flush >> > > /sbin/ipfw add 80 divert natd all from any to any via lnc0 >> > > /sbin/ipfw add 90 check-state >> > > /sbin/ipfw add 95 allow all from any to any via lo0 >> > > /sbin/ipfw add 100 allow log icmp from any to any >> > > /sbin/ipfw add 164 allow tcp from any to any >> > > /sbin/ipfw add 165 fwd 127.0.0.1,3128 tcp from any to any 80 >> > > /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state >> > > /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state >> > > /sbin/ipfw add 65000 deny all from any to any >> > > >> > > Só lembrando que o SQUID tá perfeitamente configurado. >> > > >> > > Valeu. >> > > >> > > -- >> > > ============================ >> > > Alexandre Andrade >> > > São Paulo - SP >> > > Linux User: 337239 >> > > BSD User: BSD051253 >> > > [EMAIL PROTECTED] >> > > ============================ >> > > ------------------------- >> > > Histórico: http://www.fug.com.br/historico/html/freebsd/ >> > > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd >> > > >> > > ------------------------- >> > > Histórico: http://www.fug.com.br/historico/html/freebsd/ >> > > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd >> > > >> > >> > >> > -- >> > ============================ >> > Alexandre Andrade >> > São Paulo - SP >> > Linux User: 337239 >> > BSD User: BSD051253 >> > [EMAIL PROTECTED] >> > ============================ >> > ------------------------- >> > Histórico: http://www.fug.com.br/historico/html/freebsd/ >> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd >> > >> > ------------------------- >> > Histórico: http://www.fug.com.br/historico/html/freebsd/ >> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd >> > >> >> >> -- >> ============================ >> Alexandre Andrade >> São Paulo - SP >> Linux User: 337239 >> BSD User: BSD051253 >> [EMAIL PROTECTED] >> ============================ >> ------------------------- >> Histórico: http://www.fug.com.br/historico/html/freebsd/ >> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd >> >> ------------------------- >> Histórico: http://www.fug.com.br/historico/html/freebsd/ >> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd >> > > > -- > ============================ > Alexandre Andrade > São Paulo - SP > Linux User: 337239 > BSD User: BSD051253 > [EMAIL PROTECTED] > ============================ > ------------------------- > Histórico: http://www.fug.com.br/historico/html/freebsd/ > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > > ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
