Using IPFW to bypass hotmail.com

Tek Bahadur Limbu teklimbu at wlink.com.np
Wed Jan 10 07:35:40 UTC 2007




On Tue, 9 Jan 2007 15:28:44 +0100 (CET)
Oliver Fromme <olli at lurza.secnetix.de> wrote:

> Tek Bahadur Limbu wrote:
>  > I run a transparent squid proxy using IPFW below:
>  > 
>  > ipfw -q add allow tcp  from 192.168.55.0/24 to any  3128 in via bge0
> 
> That's not the rule for transparent proxying.  For that you
> need a "forward" (or "fwd") rule, not an "allow" rule.
> (Of course, the "allow" rule above might still be needed,
> but it's not the one that actually enables the transparent
> proxying).
> 
>  > Now I want the IP: 192.168.55.22 to bypass Squid when requesting
>  > www.hotmail.com.
>  > 
>  > How do I go about doing this using IPFW? Can somebody shed some
>  > light on this issue?
> 
> Simply add an "allow" rule for that IP, and place it
> _before_ the "forward" (or "fwd") rule in your rule set:
> 
> allow tcp from 192.168.55.22 to www.hotmail.com
> 
> Note that the hostname is not resolved dynamically, but
> at the time the rule is added to the rule set.
> 
> Best regards
>    Oliver
> 
> -- 
> Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
> Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
> Any opinions expressed in this message may be personal to the author
> and may not necessarily reflect the opinions of secnetix in any way.
> 
> "To this day, many C programmers believe that 'strong typing'
> just means pounding extra hard on the keyboard."
>         -- Peter van der Linden
> 

Dear Oliver Fromme,

Thanks for your input. I really appreciate it. I have rechecked my
firewall and I do have the following rule:

$IPFW add fwd 127.0.0.1,3128 tcp from any to any 80 in


I have placed your rule on top of the above rules like this:

ipfw -q allow tcp from 192.168.55.22 to www.hotmail.com
ipfw -a add fwd 127.0.0.1,3128 tcp from any to any 80 in
ipfw -q add allow tcp  from 192.168.55.0/24 to any  3128 in via bge0

Are the above rules correct?


Once again, thanks a lot.



 -- 


With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
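
The two points from the quoted reply (the bypass "allow" rule must come before the "fwd" rule, and a hostname in a rule is resolved only once, when the rule is added) in script form. This is an added example, not part of the original thread: it prints the commands instead of running them, and the explicit rule numbers, the function names and the 192.0.2.x sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Rule numbers, function names and the
# 192.0.2.x sample addresses are assumptions made for illustration.
FWD_RULE=500       # number given to the transparent-proxy fwd rule
BYPASS_BASE=400    # bypass rules start here so they sort before FWD_RULE

# is_ipv4 ADDR: succeed only for a dotted quad with octets in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# bypass_rules CLIENT ADDR...: print the rule set. Each ADDR is an address the
# hostname resolved to when the rules were built; names are rejected so the
# set never depends on a lookup done silently at "ipfw add" time.
bypass_rules() {
    [ "$#" -ge 2 ] || { echo "usage: bypass_rules CLIENT ADDR..." >&2; return 1; }
    client=$1; shift
    is_ipv4 "$client" || { echo "bad client: $client" >&2; return 1; }
    for dst in "$@"; do
        is_ipv4 "$dst" || { echo "not an IPv4 address: $dst" >&2; return 1; }
    done
    [ "$#" -le $((FWD_RULE - BYPASS_BASE)) ] || { echo "too many addresses" >&2; return 1; }
    n=$BYPASS_BASE
    for dst in "$@"; do
        echo "ipfw -q add $n allow tcp from $client to $dst"
        n=$((n + 1))
    done
    # First match wins, so the lower-numbered allow rules above are checked
    # before this fwd rule diverts port-80 traffic to Squid.
    echo "ipfw -q add $FWD_RULE fwd 127.0.0.1,3128 tcp from any to any 80 in"
    echo "ipfw -q add $((FWD_RULE + 100)) allow tcp from 192.168.55.0/24 to any 3128 in via bge0"
}

# Constructed sample: 192.168.55.22 bypasses Squid for two example addresses.
bypass_rules 192.168.55.22 192.0.2.10 192.0.2.11
```

Because the addresses are fixed when the rules are generated, the output has to be regenerated whenever the site's addresses change; until then, traffic to a new address falls through to the fwd rule and goes via Squid.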

