My ipfw rules doesn't work

Ezra Banoba ebanoba at one2net.co.ug
Sat Jul 10 01:06:18 PDT 2004 

Did you configure your squid with transparent-proxy support?
I'm not sure about how the BSD protocol stack handles this but assuming
the redirection is dealt with before the bridging, then there should be
no problem.
On Fri, 2004-07-09 at 14:48, Carlos Alarcón wrote:

>  who have  
> the proxy's configuration fails giving me this
> message
> 
> You are not authorized to view this page
> You might not have permission to view this directory or page using the  
> credentials you supplied.

Does this also happen with the client browser settings set to point to
the proxy?

> i add the ipfw output
> 
> 00012     1587     1148100 fwd 172.16.1.33,3128 tcp from any to any  
> dst-port 80
> 00100  9257210  6707379406 pipe 1 ip from any to any in via xl0
> 00200  1558457   715268891 pipe 2 ip from any to any out via xl0
> 01300     2027      101248 deny ip from 10.0.0.0/8 to any in via xl0
> 01400     2315       96466 deny ip from 192.168.0.0/16 to any in via xl0
> 01500 14882804 10144500248 allow tcp from 172.16.1.33 to any setup  
> keep-state
> 01600   437760    84307478 allow udp from 172.16.1.33 to any keep-state
> 01700    53564    13382458 allow ip from 172.16.1.33 to any
> 01800 89927607 52765076360 allow tcp from any to any in via xl1 setup  
> keep-state
> 01900 18918311  2483412584 allow udp from any to any in via xl1 keep-state
> 02000  3629310   116342293 allow ip from any to any in via xl1
> 02500      830       41582 allow icmp from any to any icmptypes 8  
> keep-state
> 02600   568996    61796292 allow icmp from any to any icmptypes 3
> 02700    15888     1527232 allow icmp from any to any icmptypes 11
> 02800  9118822  2306878168 allow ip from any to any
> 65535      352       10550 deny ip from any to any
> 
> part of my kernel configuration file
> 
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPFIREWALL_VERBOSE_LIMIT
> options DUMMYNET
> options BRIDGE
> options PFIL_HOOKS
> options MSGMNB=8192
> options MSGMNI=40
> options MSGSEG=512
> options MSGSSZ=64
> options MSGTQL=2048
> options HZ=1000
> options IPDIVERT
> 
> 
> > Which bad results are these?
-- 
Ezra Banoba 
Network Engineer
one2net
www.one2net.co.ug

"Doing well is a result of Doing good. That's what capitalism is all about."

More information about the freebsd-isp mailing list