ipfw + trasnparent proxy

Bob Hall rjhjr at cox.net
Tue Sep 16 15:28:08 PDT 2003 

I forgot that you also need
        options         IPFIREWALL
I've added a note in my config file so I won't forget in the future.

I don't have your original post. If you have already recompiled your 
kernel with both IPFIREWALL options, then you need to supply more 
information. The output of "ipfw list", which ports you are redirecting 
from and to, the protocal involved (e.g. HTTP, POP3), and the specific 
app that will receive the forwarded packets (e.g. squid, a POP3 proxy,
etc). 

Bob Hall

On Wed, Sep 17, 2003 at 08:42:56AM +1200, Marcos Biscaysaqu wrote:
> Hi .
>    I made all that stuff, but the redirection is not working fine, and 
> the proxy work only if I set the proxy  on the clients.
> I it work with IPFilter but Im using IPFW and I can't change.
> 
> thanks
> 
> Bob Hall wrote:
> 
> >On Tue, Sep 16, 2003 at 08:42:24AM +0200, Oliver Brandmueller wrote:
> > 
> >
> >>Hi.
> >>
> >>On Tue, Sep 16, 2003 at 04:53:39PM +1200, Marcos Biscaysaqu wrote:
> >>   
> >>
> >>>Someone know if is possible make a transparent proxy and redirect by 
> >>>ipfw, ??
> >>>     
> >>>
> >
> >In addition to the previous poster's comments, you will also need to 
> >recompile the kernel with
> >options         IPFIREWALL_FORWARD      #enable transparent proxy support

I forgot that you also need 
	options         IPFIREWALL
I've added a note in my config file so I won't forget in the future.

Two comments:
If you have already recompiled your kernel with both IPFIREWALL options, 
then you need to supply more information. Telling us that something 
doesn't work but giving us no clue as to how you've configured it makes 
it impossible for us to help you. At a minimum, we need to see your 
relevant kernal options and your IPFW ruleset.

The standard way to reply is to bottom post. I prefer bottom posting, 
but I'll top post if I'm responding to a post where people have already 
started top posting. The important thing is to avoid confusion by being 
consistent, and the first response determines which to use. In this case,
I was the first responder, and I bottom posted. By responded to a bottom 
post with a top post, you've created confusion.

More information about the freebsd-stable mailing list