mime contents thru ipfw

Hugo Osorio osorio.hugo at gmail.com
Mon Sep 26 06:41:30 PDT 2005


I have seen that the "open rule" is insecure, and I wouldn't like to use it... I
want to continue trying to find the closed port, with this policy... there
must be something somewhere... so... I will continue bothering. Sorry, I am a
beginner; here are some conversations from the past that weren't submitted to
the group.
------------------
A proxy is a cache server. If you don't need it, don't use it. If you want to use a
proxy for caching web traffic and force this traffic through the proxy, you can do
that with the fwd option in ipfw.
example:
ipfw fwd $ip_proxy,$port_proxy tcp from not me to any 80 in via $private_interface

This does not affect in any way the functionality of the mail application (which
works, in the case of pop3, with ports 25 and 110 respectively).
If you access mail via the web, this works well with the proxy.
If you still have a problem, I'm sure it is because of the proxy configuration
(I think you use squid). In this case you need some options to permit the
"connect" method. I don't remember now exactly how it looks.
----------------------
I have done this.. at the command line,

ipfw add fwd 172.25.1.5 <http://172.25.1.5/>,80 tcp from not me to any 80 in via vr0
04200 fwd 172.25.1.5 <http://172.25.1.5/>,80 tcp from not me to any 80 in recv vr0

also

ipfw add fwd 172.2X.X.X,80 tcp from 17X.XX.XX.0/24 to any 80 in via vr0

nothing happens.. I do see traffic, but very little..

this should refresh it? I mean, is this rule active immediately? because I
cannot do attachments yet.. not even showing my message list in yahoo.. (
http://e1.f405.mail.yahoo.com/ym/ShowFolder?YY=29820&box=Inbox&YN=1)

The proxy is Microsoft Proxy Server 2.0,

I have unset the firewall, and I have plugged the router directly into the
switch.. and all is fine, so I am almost sure the hassle is in the fw,

thx
---------------------------------------------
I have two proxies available, and on the machine where I have the fw there
are routes created, for routing to one proxy or the other... 172.25.x.x or
172.24.x.x

with the .24.x.x proxy I don't have any hassle..
but I do with the 25.x.x

>You have to redirect the whole HTTP traffic to the proxy, or nothing.
>You can't decide on layer 7 content.

what do you recommend I do first?
----------------------------------------------


2005/9/23, Chuck Swiger <cswiger at mac.com>:
>
> Hugo Osorio wrote:
> > thanks,
> >
> > our (172.24.33.0 <http://172.24.33.0> <http://172.24.33.0>) LAN goes to
> internet through two
> > proxies, the new proxy which is the one i am trying to set up, is in
> another
> > network we have set routes to that LAN, (172.25.1.0 <http://172.25.1.0><
> http://172.25.1.0>)
>
> OK.
>
> > -is it inappropriate to put these addresses here? I hope not :s
>
> No. I was confused by the "<http://172.24.33.0>" strings, which someone
> said
> may be something to do with gmail.com <http://gmail.com>.
>
> > in order to be protected, we have set a firewall in this way:
> >
> > LAN(172.24.33.0 <http://172.24.33.0> <http://172.24.33.0>) --> SWITCH
> --> fw --> Router(
> > 172.25.19.X) --> proxy(172.25.1.5 <http://172.25.1.5> <http://172.25.1.5
> >)
>
> OK. You should start by testing access through the proxy server when
> logged
> onto your firewall box. If that doesn't work, debug your router or your
> network routes.
>
> > I have the other conf (using another proxy, another network) without the
> > string 'http://' and it works, and transfers everything.
> > and besides, using the new proxy, without the 'http://' string, it shows
> > byte activity in 'ipfw show', I mean I can enter sites.
> >
> > For using the "open firewall ruleset", do you have any basic document?
> >
> > another hint or help will be appreciated, thank you.
>
> Look at /etc/rc.firewall and the "open" ruleset there.
>
> See:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
>
> ...which is available translated to other languages, also.
>
> --
> -Chuck
>
>
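Added example (not part of the thread, and not the ruleset from /etc/rc.firewall): a minimal closed ipfw ruleset that does what the replies above describe, redirecting all of the LAN's port-80 traffic to the proxy with fwd while denying everything not explicitly allowed, in place of the permissive "open" ruleset. The interface name vr0, the LAN 172.24.33.0/24 and the proxy 172.25.1.5:80 are taken from the addresses in the thread and are placeholders to adjust; the IPFW variable, the rule helper and the count_rules self-check are my own additions.

```shell
#!/bin/sh
# Added example, not from the thread: a closed ipfw ruleset that forwards the
# LAN's HTTP traffic to a proxy. Values below are placeholders taken from the
# addresses discussed in the thread; adjust them to your own network.
# Set IPFW=echo to print the rules instead of loading them (dry run).

LAN_IF="${LAN_IF:-vr0}"                 # inside interface of the firewall
LAN_NET="${LAN_NET:-172.24.33.0/24}"    # the LAN behind the firewall
PROXY="${PROXY:-172.25.1.5}"            # proxy address (assumed)
PROXY_PORT="${PROXY_PORT:-80}"          # proxy port (assumed)
IPFW="${IPFW:-ipfw}"

# Every rule goes through $IPFW, so the same function serves the real load
# and the dry run.
rule() {
    $IPFW add "$@"
}

load_ruleset() {
    $IPFW -f flush

    # Loopback and basic anti-spoofing first.
    rule 100 allow ip from any to any via lo0
    rule 200 deny ip from any to 127.0.0.0/8
    rule 300 deny ip from 127.0.0.0/8 to any

    # Stateful: packets of an already-allowed flow pass here.
    rule 400 check-state

    # The transparent-proxy redirect. ipfw matches on layer 3/4 only
    # (tcp, destination port 80); it cannot see URLs, MIME types or
    # attachments, so all LAN web traffic goes to the proxy, as the reply
    # in the thread says. Caveat from ipfw(8): fwd only changes the next
    # hop, and for a non-local proxy address the ",port" part is ignored
    # and the packet's destination stays the original web server, so the
    # proxy has to accept transparently redirected connections.
    rule 1000 fwd "$PROXY,$PROXY_PORT" tcp from "$LAN_NET" to any 80 in via "$LAN_IF"

    # Mail from the LAN straight out (SMTP 25, POP3 110), stateful.
    rule 1100 allow tcp from "$LAN_NET" to any 25,110 in via "$LAN_IF" setup keep-state
    # The firewall host itself may reach the proxy (for testing from the fw box).
    rule 1200 allow tcp from me to "$PROXY" "$PROXY_PORT" setup keep-state
    # DNS for the LAN.
    rule 1300 allow udp from "$LAN_NET" to any 53 keep-state

    # Default: deny and log everything else (the closed policy).
    rule 65000 deny log ip from any to any
}

# Self-check: how many "add" commands the ruleset would issue (dry run).
count_rules() {
    IPFW=echo load_ruleset | grep -c '^add '
}

# Uncomment to load for real (needs root and, on the FreeBSD of that era,
# a kernel built with IPFIREWALL_FORWARD for the fwd action to work):
# load_ruleset
```

Run it with `IPFW=echo sh ruleset.sh` after uncommenting the last line to see the exact `ipfw add` commands before touching the live firewall. The only way to "find the closed port" with a policy like this is rule by rule: with the final deny logging, a blocked flow shows up in the ipfw log with the rule number that dropped it, and `ipfw show` tells you whether the fwd rule is matching at all (a zero byte counter on rule 1000 means the traffic never reached it).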

