All in one machine running w/ Dansguardian+Squid+IPFW

Tony rigstars at gmail.com
Wed Sep 8 23:44:46 UTC 2010


My setup looks like this:

PC1 -> browser -> firewall(redirects port 80 to 8888) -> dansguardian(127.0.0.1:8888) -> squid(127.0.0.1:3333) -> internet

Keep in mind that everything you see above is all on the same PC1.



On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer <julian at elischer.org> wrote:

> On 9/8/10 2:46 PM, Tony wrote:
>
>> I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
>> (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
>> redirect port 80 to Dansguardian's port 8888 using the rulesets below.
>> Is this possible? I read that ipfw does not allow forwarding from the same
>> machine. Is this true? I have tried both of these rulesets separately and
>> am not getting any hits when I do ipfw show. Is something wrong with my rules?
>>
>
> there was a small window around 6.x (I think) where you needed a
> special option to fwd to oneself in ipfw. It was removed quickly as it made
> forwarding useless in general.
>
>
>
>> Ruleset #1
>>
>> ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1
>>
>
> looks vaguely right but I haven't done it in a while.
>
>
>
>> ipfw add allow tcp from me to any 80 out xmit en1
>> ipfw add allow tcp from any 80 to me in recv en1
>>
>>
>> Ruleset#2
>>
>> ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1
>>
>
> make up your mind.. is that machine out via en1 or somewhere else?
>
>
>> ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
>> ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established
>>
>
> can you draw a diagram?
>
> are these two rulesets supposed to coexist on the same
> machine?
>