All in one machine running w/ Dansguardian+Squid+IPFW

Julian Elischer julian at elischer.org
Thu Sep 9 03:20:43 UTC 2010 

On 9/8/10 4:35 PM, Tony wrote:
> I only use one ruleset at a time ..just trying different ones to see
> if one or the other works. en1 is my private lan ..(wireless interface)
>
> either case, it doesn't work ..btw, I'm using snow leopard ..

um you forgot to mention that one little fact!

being a FreeBSD mailing list I assumed you were using freeBSD!

I have no idea if the apple folks implemented the changes in the IP 
stack needed to do the forwarding to localhost.
I suspect not.. you may need to look at the darwin sources to find
out.

> anyone
> here try using natd for redirection ..that may work i guess
>
> On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer <julian at elischer.org
> <mailto:julian at elischer.org>> wrote:
>
>     On 9/8/10 2:46 PM, Tony wrote:
>
>         I have one computer that has Dansguardian (127.0.0.1:8888
>         <http://127.0.0.1:8888>) and Squid
>         (127.0.0.1) and IPFW installed. From the same computer, I'm
>         trying to
>         redirect port 80 to Dansguardian's port 8888 using the
>         rulesets below.
>         Is this possible? I read that ipfw does not allow forwarding
>         from the same
>         machine. Is this true? I'm have tried both these ruleset
>         separately and are
>         not getting any hits when I do ipw show. Something wrong with
>         my rules?
>
>
>     there was a small window around 6.x (I think) where you needed  a
>     special option to fwd to oneself in ipfw. It was removed quickly
>     as it made forwarding useless in general.
>
>
>
>         Ruleset #1
>
>         ipfw add fwd 127.0.0.1:8888 <http://127.0.0.1:8888> tcp from
>         192.168.0.154 to any 80 in recv en1
>
>
>     looks vaguely right but I haven't done it in a while.
>
>
>
>         ipfw add allow tcp from me to any 80 out xmit en1
>         ipfw add allow tcp from any 80 to me in recv en1
>
>
>         Ruleset#2
>
>         ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1
>
>
>     make up your mind.. is that machine out via en1 or somewhere else?
>
>
>         ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any
>         dst-port 80
>         ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1
>         established
>
>
>     can you draw a diagram?
>
>     are these two rulesets supposed to coexist on the same
>     machine?
>
>         _______________________________________________
>         freebsd-ipfw at freebsd.org <mailto:freebsd-ipfw at freebsd.org>
>         mailing list
>         http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>         To unsubscribe, send any mail to
>         "freebsd-ipfw-unsubscribe at freebsd.org
>         <mailto:freebsd-ipfw-unsubscribe at freebsd.org>"
>
>
>

More information about the freebsd-ipfw mailing list