-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 9 Jan 2007 15:28:44 +0100 (CET)
Oliver Fromme <[EMAIL PROTECTED]> wrote:
> Tek Bahadur Limbu wrote:
> > I run a transparent squid proxy using IPFW below:
> >
> > ipfw -q add allow tcp from 192.168.55.0/24 to any 3128 in via
> > bge0
>
> That's not the rule for transparent proxying. For that you
> need a "forward" (or "fwd") rule, not an "allow" rule.
> (Of course, the "allow" rule above might still be needed,
> but it's not the one that actually enables the transparent
> proxying).
>
> > Now I want the IP: 192.168.55.22 to bypass Squid when requesting
> > www.hotmail.com.
> >
> > How do I go about doing this using IPFW? Can somebody shed some
> > light on this issue?
>
> Simply add an "allow" rule for that IP, and place it
> _before_ the "forward" (or "fwd") rule in your rule set:
>
> allow tcp from 192.168.55.22 to www.hotmail.com
>
> Note that the hostname is not resolved dynamically, but
> at the time the rule is added to teh rule set.
>
> Best regards
>Oliver
>
> --
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
> Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
>
> "To this day, many C programmers believe that 'strong typing'
> just means pounding extra hard on the keyboard."
> -- Peter van der Linden
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
>
Dear Oliver Fromme,
Thanks for your input. I really appreciate it. I have rechecked my
firewall and I do have the following rule:
$IPFW add fwd 127.0.0.1,3128 tcp from any to any 80 in
I have place your rule on top of the above rules like this:
ipfw -q allow tcp from 192.168.55.22 to www.hotmail.com
ipfw -a add fwd 127.0.0.1,3128 tcp from any to any 80 in
ipfw -q add allow tcp from 192.168.55.0/24 to any 3128 in via bge0
Are the above rules correct ?
Once again, thanks alot.
--
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (FreeBSD)
iD8DBQFFpJc4VrOl+eVhOvYRAigpAJ9WDSsy7CsXtCI9qKwXLqsujnmHXQCcDstb
wwjEiMWm0P280aBFuhDsq+0=
=Vcsn
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"