Configuring IPFW (Firewall) and Proxy/Nylon, Help Please

2004-09-13 Thread JP
Hello There,

I am currently running 5.2.1-Release which is
configured as a gateway with kernel firewall support. 
I have installed Squid (Proxy) and Nylon (SOCKS) which
seem to be configured fine.  However, I need help in
getting all http/https traffic to only route to the
proxy (Port 3128) and all other traffic to point to
nylon (Port 1080).  This way the proxy and socks
server cannot be circumvented.  Could someone please
suggest some tips or a website?  I am using the
standard rc.firewall configuration.  

Thanks!

Below is my rc.conf file:

---

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="ed0"
#natd_flags="-f /etc/natd.conf"
hostname="**"
ifconfig_ed0="DHCP"
inetd_enable="YES"
keyrate="fast"
sshd_enable="YES"
usbd_enable="YES"
ifconfig_dc0="inet 192.168.1.254 netmask 255.255.255.0"
defaultrouter="192.168.1.254"




___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Configuring IPFW (Firewall) and Proxy/Nylon, Help Please

2004-09-13 Thread Subhro
Hello,


On Mon, 13 Sep 2004 16:26:15 -0700 (PDT), JP [EMAIL PROTECTED] wrote:
> Hello There,
>
> I am currently running 5.2.1-Release which is
> configured as a gateway with kernel firewall support.
> I have installed Squid (Proxy) and Nylon (SOCKS) which
> seem to be configured fine.  However, I need help in
> getting all http/https traffic to only route to the
> proxy (Port 3128) and all other traffic to point to
> nylon (Port 1080).  This way the proxy and socks
> server cannot be circumvented.  Could someone please
> suggest some tips or a website?  I am using the
> standard rc.firewall configuration.
 

http runs on port 80 by default and https on port 443 so you can
divert incoming traffic on port 80 and 443 on port 3128. And do not
forget to save the states for the incoming traffic or the reply
traffic won't get through.

For the latter section you can set up a default divert for everything
to port 1080.

> Thanks!

You are welcome

 
> Below is my rc.conf file:
>
> ---
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"

You need to remove this and make this point to your firewall ruleset file.

> natd_enable="YES"

You need to comment this out because if natd is running the clients can
anyway get through the NAT and avoid proxy.

> natd_interface="ed0"
> #natd_flags="-f /etc/natd.conf"
> hostname="**"
> ifconfig_ed0="DHCP"
> inetd_enable="YES"
> keyrate="fast"
> sshd_enable="YES"
> usbd_enable="YES"
> ifconfig_dc0="inet 192.168.1.254 netmask 255.255.255.0"
> defaultrouter="192.168.1.254"
 

Regards
S.


-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India
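
One way to lay out the ruleset the reply above describes, as an added example that is not from the thread: a script meant for `firewall_script` in rc.conf, using ipfw's `fwd` action with `keep-state` for port 80 and with natd left off. Interface names and the subnet come from the posted rc.conf; the rule numbers, the choice of `fwd`, denying (rather than redirecting) all other LAN traffic, the resolver on the gateway and the dry-run `FWCMD` wrapper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Intended use (assumption): set
# firewall_script="/etc/ipfw.rules" in rc.conf and leave natd disabled.
# fwd needs a kernel built with "options IPFIREWALL_FORWARD"; Squid must be
# set up for transparent operation to accept the forwarded port-80 traffic.
LAN_IF="dc0"                # inside interface, from the posted rc.conf
WAN_IF="ed0"                # outside interface (DHCP), from the posted rc.conf
LAN_NET="192.168.1.0/24"
SQUID_PORT=3128
SOCKS_PORT=1080

# Dry run by default (prints each command). On the gateway: FWCMD="/sbin/ipfw -q"
FWCMD="${FWCMD:-echo ipfw}"

load_rules() {
    $FWCMD -f flush
    $FWCMD add 100 allow ip from any to any via lo0
    $FWCMD add 200 check-state

    # LAN clients may reach sshd, Squid and Nylon on the gateway itself.
    $FWCMD add 300 allow tcp from "$LAN_NET" to me "22,$SQUID_PORT,$SOCKS_PORT" \
        in via "$LAN_IF" setup keep-state
    # Assumption: a resolver on the gateway answers DNS for the LAN.
    $FWCMD add 310 allow udp from "$LAN_NET" to me 53 in via "$LAN_IF" keep-state

    # Port 80 from the LAN is handed to the local Squid. keep-state records the
    # flow, so Squid's replies to the client pass at rule 200.
    # 443 is not forwarded here: a TLS stream cannot be parsed on Squid's HTTP
    # port, so HTTPS clients use the explicitly configured proxy (assumption).
    $FWCMD add 400 fwd "127.0.0.1,$SQUID_PORT" tcp from "$LAN_NET" to any 80 \
        in via "$LAN_IF" setup keep-state

    # The gateway itself (Squid, Nylon, resolver, DHCP client) may connect out.
    $FWCMD add 500 allow tcp from me to any out via "$WAN_IF" setup keep-state
    $FWCMD add 510 allow udp from me to any 53,67 out via "$WAN_IF" keep-state

    # Anything else arriving from the LAN is dropped and logged, so a client
    # cannot route around the two proxies (logging: net.inet.ip.fw.verbose=1).
    $FWCMD add 900 deny log ip from "$LAN_NET" to any in via "$LAN_IF"
    $FWCMD add 65000 deny ip from any to any
}

load_rules
```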


Re: Configuring IPFW (Firewall) and Proxy/Nylon, Help Please

2004-09-13 Thread Subhro
On Tue, 14 Sep 2004 10:22:16 +0530, Subhro [EMAIL PROTECTED] wrote:
> Hello,
>
>
> On Mon, 13 Sep 2004 16:26:15 -0700 (PDT), JP [EMAIL PROTECTED] wrote:
> > Hello There,
> >
> > I am currently running 5.2.1-Release which is
> > configured as a gateway with kernel firewall support.
> > I have installed Squid (Proxy) and Nylon (SOCKS) which
> > seem to be configured fine.  However, I need help in
> > getting all http/https traffic to only route to the
> > proxy (Port 3128) and all other traffic to point to
> > nylon (Port 1080).  This way the proxy and socks
> > server cannot be circumvented.  Could someone please
> > suggest some tips or a website?  I am using the
> > standard rc.firewall configuration.
>
>
> http runs on port 80 by default and https on port 443 so you can
> divert incoming traffic on port 80 and 443 on port 3128. And do not
> forget to save the states for the incoming traffic or the reply
> traffic won't get through.
>
> For the latter section you can set up a default divert for everything
> to port 1080.
>
> > Thanks!
>
> You are welcome
>
>
> > Below is my rc.conf file:
> >
> > ---
> >
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_type="OPEN"
>
> You need to remove this and make this point to your firewall ruleset file.
>
> > natd_enable="YES"
>
> You need to comment this out because if natd is running the clients can
> anyway get through the NAT and avoid proxy.
>
> > natd_interface="ed0"
> > #natd_flags="-f /etc/natd.conf"
> > hostname="**"
> > ifconfig_ed0="DHCP"
> > inetd_enable="YES"
> > keyrate="fast"
> > sshd_enable="YES"
> > usbd_enable="YES"

Sorry to backpost but what are you trying to achieve by the next two lines?

> > ifconfig_dc0="inet 192.168.1.254 netmask 255.255.255.0"
> > defaultrouter="192.168.1.254"

Regards
S.

-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India