Re: Using IPFW to bypass hotmail.com

2007-01-09 Thread Tek Bahadur Limbu 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On Tue, 9 Jan 2007 15:28:44 +0100 (CET)
Oliver Fromme <[EMAIL PROTECTED]> wrote:

> Tek Bahadur Limbu wrote:
>  > I run a transparent squid proxy using IPFW below:
>  > 
>  > ipfw -q add allow tcp  from 192.168.55.0/24 to any  3128 in via
>  > bge0
> 
> That's not the rule for transparent proxying.  For that you
> need a "forward" (or "fwd") rule, not an "allow" rule.
> (Of course, the "allow" rule above might still be needed,
> but it's not the one that actually enables the transparent
> proxying).
> 
>  > Now I want the IP: 192.168.55.22 to bypass Squid when requesting
>  > www.hotmail.com.
>  > 
>  > How do I go about doing this using IPFW? Can somebody shed some
>  > light on this issue?
> 
> Simply add an "allow" rule for that IP, and place it
> _before_ the "forward" (or "fwd") rule in your rule set:
> 
> allow tcp from 192.168.55.22 to www.hotmail.com
> 
> Note that the hostname is not resolved dynamically, but
> at the time the rule is added to teh rule set.
> 
> Best regards
>Oliver
> 
> -- 
> Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
> Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
> 
> "To this day, many C programmers believe that 'strong typing'
> just means pounding extra hard on the keyboard."
> -- Peter van der Linden
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
> 

Dear Oliver Fromme,

Thanks for your input. I really appreciate it. I have rechecked my
firewall and I do have the following rule:

$IPFW add fwd 127.0.0.1,3128 tcp from any to any 80 in


I have place your rule on top of the above rules like this:

ipfw -q allow tcp from 192.168.55.22 to www.hotmail.com
ipfw -a add fwd 127.0.0.1,3128 tcp from any to any 80 in
ipfw -q add allow tcp  from 192.168.55.0/24 to any  3128 in via bge0

Are the above rules correct ?


Once again, thanks alot.



 -- 


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFFpJc4VrOl+eVhOvYRAigpAJ9WDSsy7CsXtCI9qKwXLqsujnmHXQCcDstb
wwjEiMWm0P280aBFuhDsq+0=
=Vcsn
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Using IPFW to bypass hotmail.com

2007-01-09 Thread Oliver Fromme 
Tek Bahadur Limbu wrote:
 > I run a transparent squid proxy using IPFW below:
 > 
 > ipfw -q add allow tcp  from 192.168.55.0/24 to any  3128 in via bge0

That's not the rule for transparent proxying.  For that you
need a "forward" (or "fwd") rule, not an "allow" rule.
(Of course, the "allow" rule above might still be needed,
but it's not the one that actually enables the transparent
proxying).

 > Now I want the IP: 192.168.55.22 to bypass Squid when requesting
 > www.hotmail.com.
 > 
 > How do I go about doing this using IPFW? Can somebody shed some light
 > on this issue?

Simply add an "allow" rule for that IP, and place it
_before_ the "forward" (or "fwd") rule in your rule set:

allow tcp from 192.168.55.22 to www.hotmail.com

Note that the hostname is not resolved dynamically, but
at the time the rule is added to teh rule set.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"To this day, many C programmers believe that 'strong typing'
just means pounding extra hard on the keyboard."
-- Peter van der Linden
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Using IPFW to bypass hotmail.com

2007-01-09 Thread Tek Bahadur Limbu 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Dear All,

I run a transparent squid proxy using IPFW below:

ipfw -q add allow tcp  from 192.168.55.0/24 to any  3128 in via bge0

Now I want the IP: 192.168.55.22 to bypass Squid when requesting
www.hotmail.com.

How do I go about doing this using IPFW? Can somebody shed some light
on this issue?

Thanks.


- -- 


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFFo3IGVrOl+eVhOvYRAliLAJsEHVzJ/5517Jh4VO89dncftAU6GACgqsXo
cBxfF4URRL+dh5jiqaxZQAE=
=KwVZ
-END PGP SIGNATURE-
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"