My setup looks like this:

PC1 -> browser -> firewall (redirects port 80 to 8888) -> dansguardian (127.0.0.1:8888) -> squid (127.0.0.1:3333) -> internet

Keep in mind that everything you see above is all on the same PC1.

On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer <[email protected]> wrote:

> On 9/8/10 2:46 PM, Tony wrote:
>
>> I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
>> (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
>> redirect port 80 to Dansguardian's port 8888 using the rulesets below.
>> Is this possible? I read that ipfw does not allow forwarding from the same
>> machine. Is this true? I have tried both these rulesets separately and
>> am not getting any hits when I do ipfw show. Something wrong with my rules?
>
> There was a small window around 6.x (I think) where you needed a
> special option to fwd to oneself in ipfw. It was removed quickly as it made
> forwarding useless in general.
>
>> Ruleset #1
>>
>> ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1
>
> Looks vaguely right but I haven't done it in a while.
>
>> ipfw add allow tcp from me to any 80 out xmit en1
>> ipfw add allow tcp from any 80 to me in recv en1
>>
>> Ruleset #2
>>
>> ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1
>
> Make up your mind.. is that machine out via en1 or somewhere else?
>
>> ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
>> ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established
>
> Can you draw a diagram?
>
> Are these two rulesets supposed to coexist on the same
> machine?
>
>> _______________________________________________
>> [email protected] mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> To unsubscribe, send any mail to "[email protected]"
