IPFW/NATD Transparent Proxy
mailist at whoweb.com
Sun Aug 8 11:09:37 PDT 2004
Anyone up for a challenge?
I've come to the conclusion that IPFW/NATD cannot support transparent
proxying with ONLY stateful rules. I'd like to hear from anyone who has
been successful doing so in case I'm missing something.
Configuration is:
FreeBSD 5.2.1
3 - NICS (de0, de1, de2)
de1 = Public IP = 1.2.3.4
de2 = LAN1 = 192.168.1.0
de3 = LAN2 = 192.168.2.0
The challenge:
1) TCP request from 192.168.1.247 to 1.2.3.4:80
2) Redirect 1.2.3.4:80 to 192.168.2.250:80
3) Use stateful rules
On another note, I read somewhere on the Internet that IPFILTER has a
limitation in that it cannot redirect a public destination to a private
destination if the source machine is on the same subnet as the redirected
destination. In other words, the following supposedly will not work:
1) A TCP request from 192.168.1.247 to 1.2.3.4:80
2) Redirect 1.2.3.4:80 to 192.168.1.100:80
Is this an accurate limitation of IPFILTER?
J