Re: All in one machine running w/ Dansguardian+Squid+IPFW

Wed, 08 Sep 2010 20:22:41 -0700 

On 9/8/10 4:44 PM, Tony wrote:

my setup looks like this

PC1 ->  browser ->  firewall(redirects port 80 to 8888) ->  dansguardian(
127.0.0.1:8888) ->  squid(127.0.0.1:3333) ->  internet

keep in mind that everything you see above are all on the same PC1



you may need to use divert and natd to achieve the effect you require.





On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer<[email protected]>  wrote:


On 9/8/10 2:46 PM, Tony wrote:


I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
(127.0.0.1) and IPFW installed. From the same computer, I'm trying to
redirect port 80 to Dansguardian's port 8888 using the rulesets below.
Is this possible? I read that ipfw does not allow forwarding from the same
machine. Is this true? I'm have tried both these ruleset separately and
are
not getting any hits when I do ipw show. Something wrong with my rules?



there was a small window around 6.x (I think) where you needed  a
special option to fwd to oneself in ipfw. It was removed quickly as it made
forwarding useless in general.




Ruleset #1

ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1



looks vaguely right but I haven't done it in a while.



  ipfw add allow tcp from me to any 80 out xmit en1

ipfw add allow tcp from any 80 to me in recv en1


Ruleset#2

ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1



make up your mind.. is that machine out via en1 or somewhere else?


  ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80

ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established



can you draw a diagram?

are these two rulesets supposed to coexist on the same
machine?


_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"





_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"


_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"

Reply via email to