All in one machine running w/ Dansguardian+Squid+IPFW

Julian Elischer julian at elischer.org
Thu Sep 9 03:22:27 UTC 2010


On 9/8/10 4:44 PM, Tony wrote:
> my setup looks like this
>
> PC1 ->  browser ->  firewall(redirects port 80 to 8888) ->  dansguardian(
> 127.0.0.1:8888) ->  squid(127.0.0.1:3333) ->  internet
>
> keep in mind that everything you see above are all on the same PC1
>

you may need to use divert and natd to achieve the effect you require.


>
>
> On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer<julian at elischer.org>  wrote:
>
>> On 9/8/10 2:46 PM, Tony wrote:
>>
>>> I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
>>> (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
>>> redirect port 80 to Dansguardian's port 8888 using the rulesets below.
>>> Is this possible? I read that ipfw does not allow forwarding from the same
>>> machine. Is this true? I have tried both of these rulesets separately and
>>> am not getting any hits when I do ipfw show. Something wrong with my rules?
>>>
>>
>> there was a small window around 6.x (I think) where you needed a
>> special option to fwd to oneself in ipfw. It was removed quickly as it made
>> forwarding useless in general.
>>
>>
>>
>>> Ruleset #1
>>>
>>> ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1
>>>
>>
>> looks vaguely right but I haven't done it in a while.
>>
>>
>>
>>> ipfw add allow tcp from me to any 80 out xmit en1
>>> ipfw add allow tcp from any 80 to me in recv en1
>>>
>>>
>>> Ruleset#2
>>>
>>> ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1
>>>
>>
>> make up your mind.. is that machine out via en1 or somewhere else?
>>
>>
>>> ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
>>> ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established
>>>
>>
>> can you draw a diagram?
>>
>> are these two rulesets supposed to coexist on the same
>> machine?
>>
>>> _______________________________________________
>>> freebsd-ipfw at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>>>
>>
>>