transparent squid and ipfw
Fazal Ahmed Malik
fam at sky.net.pk
Mon Jan 17 18:29:12 UTC 2011
Dear All,
I have problem in setting up transparent squid and ipfw dummynet together on freebsd. I sent this question earlier but yet no luck to implement. I am using mpd5 for pppoe server and have addclient script which limit the user bandwidth(working perfect) now i want my all traffic redirected to squid transparently mean users does not need to configure their browser for proxy. When i redirect port 80 traffic to squid than bandwidth does not get controlled mean dummy net pipe is no more effective.
I have following ipfw rules and also addclient script is attached any body having implemented such solution please help.
00002 157925 116380443 divert 8668 ip from any to any via xl0
00997 fwd 192.168.3.50,8080 $log tcp from any to any 80 in recv $vpn_if
00048 6 288 deny tcp from any to any dst-port 445 out via xl0
00049 0 0 deny tcp from any to any dst-port 445 in via xl0
00050 0 0 deny tcp from any to any dst-port 137 in via xl0
00051 0 0 deny tcp from any to any dst-port 138 in via xl0
00052 0 0 deny tcp from any to any dst-port 139 in via xl0
00053 0 0 allow tcp from any to any dst-port 20 setup
00054 0 0 allow tcp from any to any dst-port 21 setup
00055 0 0 allow tcp from any to any dst-port 22 setup
00056 5 240 allow tcp from any to any dst-port 23 setup
00999 287274 228262006 allow tcp from any to any out keep-state
01003 1298 140582 pipe 3 ip from 192.168.3.80 to any via ng0
01005 3654 409511 pipe 5 ip from 192.168.3.81 to any via ng1
03000 772 52308 allow icmp from me to any
04000 394 26536 allow icmp from any to any
65535 33414 5509180 allow ip from any to any
Best regards,
Fazal Ahmed Malik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: addclient.sh
Type: application/octet-stream
Size: 1945 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20110117/066edaba/addclient.obj
More information about the freebsd-ipfw
mailing list