All in one machine running w/ Dansguardian+Squid+IPFW

Julian Elischer julian at elischer.org
Wed Sep 8 23:30:03 UTC 2010


On 9/8/10 2:46 PM, Tony wrote:
> I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
> (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
> redirect port 80 to Dansguardian's port 8888 using the rulesets below.
> Is this possible? I read that ipfw does not allow forwarding from the same
> machine. Is this true? I have tried both these rulesets separately and am
> not getting any hits when I do ipfw show. Something wrong with my rules?

There was a small window around 6.x (I think) where you needed a
special option to fwd to oneself in ipfw. It was removed quickly as it
made forwarding useless in general.

>
> Ruleset #1
>
> ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1

Looks vaguely right but I haven't done it in a while.


> ipfw add allow tcp from me to any 80 out xmit en1
> ipfw add allow tcp from any 80 to me in recv en1
>
>
> Ruleset#2
>
> ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1

Make up your mind... is that machine out via en1 or somewhere else?

> ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
> ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established

Can you draw a diagram?

Are these two rulesets supposed to coexist on the same
machine?