All in one machine running w/ Dansguardian+Squid+IPFW

Özkan KIRIK ozkan.kirik at gmail.com
Thu Sep 9 06:39:26 UTC 2010


You can forward packets directly to squid with:

ipfw add fwd 127.0.0.1,3333 tcp from not me to any dst-port 80

Ozkan KIRIK
Mersin University @ Turkey


On Thu, Sep 9, 2010 at 6:22 AM, Julian Elischer <julian at elischer.org> wrote:
> On 9/8/10 4:44 PM, Tony wrote:
>>
>> my setup looks like this
>>
>> PC1 -> browser -> firewall(redirects port 80 to 8888) -> dansguardian(127.0.0.1:8888) -> squid(127.0.0.1:3333) -> internet
>>
>> keep in mind that everything you see above is all on the same PC1
>>
>
> you may need to use divert and natd to achieve the effect you require.
>
>
>>
>>
>> On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer <julian at elischer.org> wrote:
>>
>>> On 9/8/10 2:46 PM, Tony wrote:
>>>
>>>> I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
>>>> (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
>>>> redirect port 80 to Dansguardian's port 8888 using the rulesets below.
>>>> Is this possible? I read that ipfw does not allow forwarding from the
>>>> same machine. Is this true? I have tried both these rulesets separately
>>>> and am not getting any hits when I do ipfw show. Something wrong with
>>>> my rules?
>>>>
>>>
>>> there was a small window around 6.x (I think) where you needed a
>>> special option to fwd to oneself in ipfw. It was removed quickly as it
>>> made forwarding useless in general.
>>>
>>>
>>>
>>>> Ruleset #1
>>>>
>>>> ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1
>>>>
>>>
>>> looks vaguely right but I haven't done it in a while.
>>>
>>>
>>>
>>>> ipfw add allow tcp from me to any 80 out xmit en1
>>>>
>>>> ipfw add allow tcp from any 80 to me in recv en1
>>>>
>>>>
>>>> Ruleset#2
>>>>
>>>> ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1
>>>>
>>>
>>> make up your mind.. is that machine out via en1 or somewhere else?
>>>
>>>
>>>> ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
>>>>
>>>> ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established
>>>>
>>>
>>> can you draw a diagram?
>>>
>>> are these two rulesets supposed to coexist on the same machine?
>>>
>>>> _______________________________________________
>>>> freebsd-ipfw at freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>>>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>>>>
>>>
>>>

