Please convert the equivalent of these rules into IPFW

Tony rigstars at gmail.com
Thu Sep 9 13:49:13 UTC 2010


I tried converting those iptables rules myself. How do they look?

   #Allow Squid outbound access on port 8883 (Dansguardian)
   ipfw add allow tcp from 192.168.0.154 to any dst-port 8883 out uid squid

   #Allow Squid outbound access on port 80
   ipfw add allow tcp from 192.168.0.154 to any dst-port 80 out uid squid

   #Redirect all requests on port 80 to 8883 (Dansguardian)
   ipfw add fwd 127.0.0.1,8883 tcp from not me to any dst-port 80

   # Accept requests on port 3333 from nobody (Dansguardian user)
   ipfw add allow tcp from 192.168.0.154 to any dst-port 3333 out uid nobody

This is to allow clients on the same machine to go browser -> dansguardian -> squid -> internet.
Both services are running on the local loopback IP address.

On Thu, Sep 9, 2010 at 9:00 AM, Tony <rigstars at gmail.com> wrote:

> Can someone please convert these iptables rules into IPFW
>
>    #Allow Squid outbound access on port 8080 (Dansguardian)
>    iptables -t nat -A OUTPUT -p tcp -m tcp --dport 8080 -m owner --uid-owner squid -j ACCEPT
>
>    # Allow Squid outbound access on port 80
>    iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
>
>    # Don't redirect root on port 80
>    iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner root -j ACCEPT
>
>    # Don't redirect root on port 3128 (Squid)
>    iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner root -j ACCEPT
>
>    # Redirect all requests on port 80 to 8080 (Dansguardian)
>    iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
>
>    # Accept requests on port 3128 from nobody (Dansguardian user)
>    iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner nobody -j ACCEPT
>
>    # Redirect all other requests on port 3128 to 8080 to prevent users from
>    # getting around Dansguardian by going directly to Squid
>    iptables -t nat -A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8080
>
>    # Delete the NOTRACK rule that SuSEfirewall2 adds to the raw table of
>    # the OUTPUT chain
>    iptables -t raw -D OUTPUT -o lo -j NOTRACK
>
>

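A complete ipfw counterpart to the quoted iptables nat/OUTPUT rule set, added here as an example and not part of the thread: it keeps the uid exemptions ahead of the fwd rules (ipfw stops at the first matching rule, so squid's own upstream traffic would otherwise loop back into dansguardian) and matches `from me ... out` because the nat OUTPUT chain only sees locally generated packets. Assumed: the quoted ports 8080/3128, a kernel with fwd support (IPFIREWALL_FORWARD on older kernels), and FWCMD defaulting to `echo ipfw` for a dry run; the SuSEfirewall2 NOTRACK rule has no ipfw counterpart and is dropped.

```shell
#!/bin/sh
# Added example: ipfw equivalent of the iptables nat/OUTPUT transparent-proxy rules.
# FWCMD defaults to "echo ipfw" so the script only prints the rules; set
# FWCMD=/sbin/ipfw on the FreeBSD host to load them for real (assumption).
FWCMD="${FWCMD:-echo ipfw}"
DG_PORT=8080      # dansguardian, as in the quoted rules
SQUID_PORT=3128   # squid, as in the quoted rules

install_proxy_rules() {
    # Exemptions first: first match wins, so squid's upstream connections
    # and root's traffic must be allowed before anything is forwarded.
    $FWCMD add 1000 allow tcp from me to any $DG_PORT out uid squid
    $FWCMD add 1010 allow tcp from me to any 80 out uid squid
    $FWCMD add 1020 allow tcp from me to any 80 out uid root
    $FWCMD add 1030 allow tcp from me to any $SQUID_PORT out uid root
    # All other locally generated port-80 traffic goes into dansguardian.
    $FWCMD add 1100 fwd 127.0.0.1,$DG_PORT tcp from me to any 80 out
    # dansguardian (uid nobody) may talk to squid directly ...
    $FWCMD add 1110 allow tcp from me to any $SQUID_PORT out uid nobody
    # ... but anyone else aiming at squid is pushed back through dansguardian.
    $FWCMD add 1120 fwd 127.0.0.1,$DG_PORT tcp from me to any $SQUID_PORT out
}

install_proxy_rules
```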

More information about the freebsd-ipfw mailing list