Configuring IPFW (Firewall) and Proxy/Nylon, Help Please
subhro.kar at gmail.com
Mon Sep 13 21:54:59 PDT 2004
On Tue, 14 Sep 2004 10:22:16 +0530, Subhro <subhro.kar at gmail.com> wrote:
> On Mon, 13 Sep 2004 16:26:15 -0700 (PDT), JP <planoprez at yahoo.com> wrote:
> > Hello There,
> > I currently am running 5.2.1-Release which is
> > configured as a gateway with kernel firewall support.
> > I have installed Squid (Proxy) and Nylon (SOCKS) which
> > seem to be configured fine. However, I need help in
> > getting all http/https traffic to only route to the
> > proxy (Port 3128) and all other traffic to point to
> > nylon (Port 1080). This way the proxy and socks
> > server cannot be circumvented. Could someone please
> > suggest some tips or a website? I am using the
> > standard rc.firewall configuration.
> http runs on port 80 by default and https on port 443 so you can
> divert incoming traffic on port 80 and 443 on port 3128. And do not
> forget to save the states for the incoming traffic or the reply
> traffic won't get through.
> For the latter section you can set up a default divert for everything
> to port 1080.
> > Thanks!
> You are welcome
> > Below is my rc.conf file:
> > ---------------
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_type="OPEN" <<---you need to remove this and make this point to your firewall ruleset file
> > natd_enable="YES" <<---You need to comment this out because if natd is running the clients can anyway get through the NAT and avoid proxy.
> > natd_interface="ed0"
> > #natd_flags="-f /etc/natd.conf"
> > hostname="******"
> > ifconfig_ed0="DHCP"
> > inetd_enable="YES"
> > keyrate="fast"
> > sshd_enable="YES"
> > usbd_enable="YES"
Sorry to backpost but what are you trying to achieve by the next two lines?
> > ifconfig_dc0="inet 192.168.1.254 netmask 255.255.255.0"
> > defaultrouter="192.168.1.254"
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
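
An added example, not part of the original thread: a ruleset file of the kind the reply says `firewall_type` should point to, written so LAN clients can reach only the Squid and Nylon listeners on the gateway and nothing is routed past them. The path `/etc/ipfw.rules` and the rule numbers are assumptions; the interfaces, addresses and ports come from the messages above, and clients are assumed to be configured to use the proxy and SOCKS server explicitly.

```conf
# /etc/ipfw.rules (constructed example; path and rule numbers are assumptions)
# rc.conf side: firewall_type="/etc/ipfw.rules" and natd_enable commented out.
# dc0 = LAN side (192.168.1.254/24), ed0 = outside (DHCP), as in the rc.conf above.

# Loopback traffic, and nothing claiming a loopback address on a real interface.
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any

# Packets of connections already admitted by a keep-state rule below.
add 200 check-state

# LAN clients may open connections only to Squid (3128) and Nylon (1080)
# on the gateway itself, plus ssh for administration (sshd_enable="YES").
add 300 allow tcp from 192.168.1.0/24 to me 3128,1080 in recv dc0 setup keep-state
add 310 allow tcp from 192.168.1.0/24 to me 22 in recv dc0 setup keep-state

# The gateway's own outbound traffic: Squid and Nylon fetching on behalf
# of clients, and DNS lookups.
add 400 allow tcp from me to any out xmit ed0 setup keep-state
add 410 allow udp from me to any 53 out xmit ed0 keep-state

# DHCP lease traffic for ed0 (ifconfig_ed0="DHCP").
add 420 allow udp from any 68 to any 67 out xmit ed0
add 430 allow udp from any 67 to any 68 in recv ed0

# Everything else is dropped, including packets a LAN client tries to
# route straight through the gateway. Drops are logged when
# net.inet.ip.fw.verbose=1, which shows attempts to bypass the proxy.
add 65000 deny log ip from any to any
```

With this ruleset a packet from 192.168.1.0/24 addressed to an outside host never matches an allow rule, so it cannot be forwarded even though `gateway_enable="YES"` leaves routing on.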
More information about the freebsd-questions