Hello, Então não adiantou usar essa regra não. Ele simplesmente nem passa pela Regra. Olha como ficou a ordem:
/sbin/ipfw -q -f flush /sbin/ipfw add 65 fwd 10.5.1.1,3128 tcp from 10.5.0.0/16 to any dst-port 80 /sbin/ipfw add 80 divert natd all from any to any via lnc0 /sbin/ipfw add 90 check-state /sbin/ipfw add 95 allow all from any to any via lo0 /sbin/ipfw add 100 allow log icmp from any to any /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state /sbin/ipfw add 65000 deny all from any to any Acho que vou deixar pra lá. ehhehe Valeu On 10/6/06, Edson Mendes <[EMAIL PROTECTED]> wrote: > Esperimente usar : > > /sbin/ipfw add fwd 10.5.0.1,3128 tcp from 10.5.0.0/16 to any dst-port 80 > > Coloque no lugar de 127.0.0.1,,,,,, o ip do seu gateway interno > > ----- Original Message ----- > From: "Alexandre Andrade" <[EMAIL PROTECTED]> > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" > <freebsd@fug.com.br> > Sent: Thursday, October 05, 2006 4:59 PM > Subject: Re: [FUG-BR] Proxy-Transparente + IPFW > > > > Opa, > > > > Realmente não tá tão fácil mesmo. hehehe > > > > Bom eu não se o fato de eu ter apenas uma interface de rede > > atrapalharia. Eu faço NAT para alguns IPS aqui da minha própria rede > > Interna. > > > > Mas adicionando a regra desse jeito também não rolou. Pra vc ter uma > > idéia nem LOGA nada no SQUID. > > > > Valeu > > > > On 10/5/06, Alexandre Maciente <[EMAIL PROTECTED]> wrote: > >> Opa! Tá fácil não heim, rs.. > >> > >> Amigo, tente colocar suas regras de firewall desta forma: > >> > >> /sbin/ipfw -q -f flush > >> /sbin/ipfw add check-state > >> /sbin/ipfw add allow all from any to any via lo0 > >> /sbin/ipfw add allow log icmp from any to any > >> /sbin/ipfw add allow ip from 10.5.0.0/16 to any keep-state > >> /sbin/ipfw add allow ip from any to 10.5.0.0/16 keep-state > >> /sbin/ipfw add fwd 127.0.0.1,3128 tcp from 10.5.0.0/16 to any dst-port 80 > >> /sbin/ipfw add divert natd all from any to any via lnc0 > >> /sbin/ipfw add 65000 deny all from any to any > >> > >> Com o squid está td correto mesmo né? > >> > >> Boa sorte! > >> > >> Alexandre Maciente > >> > >> ----- Original Message ----- > >> From: "Alexandre Andrade" <[EMAIL PROTECTED]> > >> To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" > >> <freebsd@fug.com.br> > >> Sent: Thursday, October 05, 2006 4:34 PM > >> Subject: Re: [FUG-BR] Proxy-Transparente + IPFW > >> > >> > >> Olá, > >> > >> Então sem chance cara, fiz o que vc falou e não rolou. Tá assim agora. > >> > >> /sbin/ipfw -q -f flush > >> /sbin/ipfw add 65 fwd 127.0.0.1,3128 tcp from 10.5.0.0/16 to any dst-port > >> 80 > >> /sbin/ipfw add 80 divert natd all from any to any via lnc0 > >> /sbin/ipfw add 90 check-state > >> /sbin/ipfw add 95 allow all from any to any via lo0 > >> /sbin/ipfw add 100 allow log icmp from any to any > >> /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state > >> /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state > >> /sbin/ipfw add 65000 deny all from any to any > >> > >> Só pra contar vai o natd.conf também. > >> > >> interface lnc0 > >> dynamic yes > >> same_ports yes > >> use_sockets yes > >> unregistered_only no > >> > >> > >> Valeu > >> > >> On 10/5/06, Alexandre Maciente <[EMAIL PROTECTED]> wrote: > >> > Blz, > >> > > >> > Vamos lá, tente adicionar a regra desta froma então: > >> > > >> > ipfw add 65 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any dst-port > >> > 80 > >> > > >> > Supondo que classe de Ips de sua rede seja 192.168.0.0/24 > >> > > >> > Qualque coisa tamo aí. > >> > > >> > Alexandre > >> > > >> > > >> > ----- Original Message ----- > >> > From: "Alexandre Andrade" <[EMAIL PROTECTED]> > >> > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" > >> > <freebsd@fug.com.br> > >> > Sent: Thursday, October 05, 2006 4:20 PM > >> > Subject: Re: [FUG-BR] Proxy-Transparente + IPFW > >> > > >> > > >> > Fala ae, > >> > > >> > Pior que eu já coloquei: Ficou assim: > >> > > >> > /sbin/ipfw -q -f flush > >> > /sbin/ipfw add 65 fwd 127.0.0.1,3128 tcp from any to any 80 > >> > /sbin/ipfw add 80 divert natd all from any to any via lnc0 > >> > /sbin/ipfw add 90 check-state > >> > /sbin/ipfw add 95 allow all from any to any via lo0 > >> > /sbin/ipfw add 100 allow log icmp from any to any > >> > /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state > >> > /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state > >> > /sbin/ipfw add 65000 deny all from any to any > >> > > >> > Valeu > >> > > >> > > >> > On 10/5/06, Alexandre Maciente <[EMAIL PROTECTED]> wrote: > >> > > Olá Alexandre (chará), > >> > > > >> > > Tente colocar a regra de forward (165) antes da regra de Nat e > >> > > (divert > >> > > 80). > >> > > > >> > > Boa sorte! > >> > > > >> > > Alexandre Maciente > >> > > > >> > > > >> > > ----- Original Message ----- > >> > > From: "Alexandre Andrade" <[EMAIL PROTECTED]> > >> > > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" > >> > > <Freebsd@fug.com.br> > >> > > Sent: Thursday, October 05, 2006 3:49 PM > >> > > Subject: [FUG-BR] Proxy-Transparente + IPFW > >> > > > >> > > > >> > > Hello pessoal, > >> > > > >> > > Acho que hoje não acordei muito inspirado e to quebrando a cabeça pra > >> > > fazer um Proxy-Transparente funcionar. heheh > >> > > > >> > > Segue as minhas regras de IPFW, o que será que tá errado. ? > >> > > > >> > > /sbin/ipfw -q -f flush > >> > > /sbin/ipfw add 80 divert natd all from any to any via lnc0 > >> > > /sbin/ipfw add 90 check-state > >> > > /sbin/ipfw add 95 allow all from any to any via lo0 > >> > > /sbin/ipfw add 100 allow log icmp from any to any > >> > > /sbin/ipfw add 164 allow tcp from any to any > >> > > /sbin/ipfw add 165 fwd 127.0.0.1,3128 tcp from any to any 80 > >> > > /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state > >> > > /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state > >> > > /sbin/ipfw add 65000 deny all from any to any > >> > > > >> > > Só lembrando que o SQUID tá perfeitamente configurado. > >> > > > >> > > Valeu. > >> > > > >> > > -- > >> > > ============================ > >> > > Alexandre Andrade > >> > > São Paulo - SP > >> > > Linux User: 337239 > >> > > BSD User: BSD051253 > >> > > [EMAIL PROTECTED] > >> > > ============================ > >> > > ------------------------- > >> > > Histórico: http://www.fug.com.br/historico/html/freebsd/ > >> > > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > >> > > > >> > > ------------------------- > >> > > Histórico: http://www.fug.com.br/historico/html/freebsd/ > >> > > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > >> > > > >> > > >> > > >> > -- > >> > ============================ > >> > Alexandre Andrade > >> > São Paulo - SP > >> > Linux User: 337239 > >> > BSD User: BSD051253 > >> > [EMAIL PROTECTED] > >> > ============================ > >> > ------------------------- > >> > Histórico: http://www.fug.com.br/historico/html/freebsd/ > >> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > >> > > >> > ------------------------- > >> > Histórico: http://www.fug.com.br/historico/html/freebsd/ > >> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > >> > > >> > >> > >> -- > >> ============================ > >> Alexandre Andrade > >> São Paulo - SP > >> Linux User: 337239 > >> BSD User: BSD051253 > >> [EMAIL PROTECTED] > >> ============================ > >> ------------------------- > >> Histórico: http://www.fug.com.br/historico/html/freebsd/ > >> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > >> > >> ------------------------- > >> Histórico: http://www.fug.com.br/historico/html/freebsd/ > >> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > >> > > > > > > -- > > ============================ > > Alexandre Andrade > > São Paulo - SP > > Linux User: 337239 > > BSD User: BSD051253 > > [EMAIL PROTECTED] > > ============================ > > ------------------------- > > Histórico: http://www.fug.com.br/historico/html/freebsd/ > > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > > > > > > > ------------------------- > Histórico: http://www.fug.com.br/historico/html/freebsd/ > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > -- ============================ Alexandre Andrade São Paulo - SP Linux User: 337239 BSD User: BSD051253 [EMAIL PROTECTED] ============================ ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
