ipfw + trasnparent proxy
Bob Hall
rjhjr at cox.net
Tue Sep 16 15:28:08 PDT 2003
I forgot that you also need
options IPFIREWALL
I've added a note in my config file so I won't forget in the future.
I don't have your original post. If you have already recompiled your
kernel with both IPFIREWALL options, then you need to supply more
information. The output of "ipfw list", which ports you are redirecting
from and to, the protocal involved (e.g. HTTP, POP3), and the specific
app that will receive the forwarded packets (e.g. squid, a POP3 proxy,
etc).
Bob Hall
On Wed, Sep 17, 2003 at 08:42:56AM +1200, Marcos Biscaysaqu wrote:
> Hi .
> I made all that stuff, but the redirection is not working fine, and
> the proxy work only if I set the proxy on the clients.
> I it work with IPFilter but Im using IPFW and I can't change.
>
> thanks
>
> Bob Hall wrote:
>
> >On Tue, Sep 16, 2003 at 08:42:24AM +0200, Oliver Brandmueller wrote:
> >
> >
> >>Hi.
> >>
> >>On Tue, Sep 16, 2003 at 04:53:39PM +1200, Marcos Biscaysaqu wrote:
> >>
> >>
> >>>Someone know if is possible make a transparent proxy and redirect by
> >>>ipfw, ??
> >>>
> >>>
> >
> >In addition to the previous poster's comments, you will also need to
> >recompile the kernel with
> >options IPFIREWALL_FORWARD #enable transparent proxy support
I forgot that you also need
options IPFIREWALL
I've added a note in my config file so I won't forget in the future.
Two comments:
If you have already recompiled your kernel with both IPFIREWALL options,
then you need to supply more information. Telling us that something
doesn't work but giving us no clue as to how you've configured it makes
it impossible for us to help you. At a minimum, we need to see your
relevant kernal options and your IPFW ruleset.
The standard way to reply is to bottom post. I prefer bottom posting,
but I'll top post if I'm responding to a post where people have already
started top posting. The important thing is to avoid confusion by being
consistent, and the first response determines which to use. In this case,
I was the first responder, and I bottom posted. By responded to a bottom
post with a top post, you've created confusion.
More information about the freebsd-stable
mailing list