Andrew Thomson wrote:
On Fri, Jun 13, 2003 at 09:47:09AM -0400, Bill Moran wrote:

Yes. You've got the right idea.


hmm.. i have encountered some difficulties ;) so now i'm seeking some
more advice..

i have the following rules on my firewall:

10561 skipto 11000 ip from 192.168.1.2 to any
10562 fwd 192.168.1.2,3128 tcp from 192.168.1.3 to any 80

keeping in line with my example, 1=fwall, 2=squid, 3=user

the skipto is in there so we go through nat and get a proper ip.

i never see any packets get to the squid box though..

ipfw show indicates matching packets
ipfw show 10561 10562
10561       5342        331306 skipto 11000 ip from 192.168.1.2 to any
10562       2520        120960 fwd 192.168.1.2,3128 tcp from 192.168.1.3 to any 80

a tcpdump on the squid box looking out for port 3128 shows nothing, although
the ipfw shows matches..

i'll keep digging around but any more tips would be appreciated on this
setup.

Someone else may have keener eyes, but for my part I can't guess what the problem could be from your description.

Can you send your entire ipfw ruleset?  (i.e. the complete output of 'ipfw show')
Perhaps then I'll be able to get a better idea what you're doing.  If 10562 is
catching packets, then it's likely that it's somewhere else that the problem lie.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to