From owner-freebsd-questions  Sun Mar 19  2: 3:48 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from iserver.itworks.com.au (iserver.itworks.com.au [203.32.61.10])
	by hub.freebsd.org (Postfix) with SMTP id DBB8237B72F
	for <questions@freebsd.org>; Sun, 19 Mar 2000 02:03:43 -0800 (PST)
	(envelope-from gavin@itworks.com.au)
Received: (qmail 75925 invoked from network); 19 Mar 2000 10:03:41 -0000
Received: from maybe.itworks.com.au (203.36.209.235)
  by iserver.itworks.com.au with SMTP; 19 Mar 2000 10:03:41 -0000
Received: (qmail 13399 invoked from network); 19 Mar 2000 10:03:41 -0000
Received: from maybe.itworks.com.au (HELO maybe) (203.36.209.235)
  by maybe.itworks.com.au with SMTP; 19 Mar 2000 10:03:41 -0000
Date: Sun, 19 Mar 2000 21:03:40 +1100 (EST)
From: Gavin Cameron <gavin@itworks.com.au>
To: questions@freebsd.org
Subject: IPFW question
Message-ID: <Pine.BSF.4.21.0003192056280.11948-100000@maybe.itworks.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi all,

I have the following turned in my kernel on under 4.0-RELEASE

	options         IPFIREWALL              #firewall
	options         IPFIREWALL_VERBOSE      #print information about
        	                                # dropped packets
	options         IPFIREWALL_FORWARD      #enable transparent proxy support
	options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
	options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by
	default
	options         IPDIVERT                #divert sockets
	options         IPSTEALTH               #support for stealth forwarding

And if I do the following

	ipfw add 100 divert 23 log tcp from mach1 to mach2 80

Then I think that if I telnet from mach1 to mach2 on port 80 then I expect
to see a telnet session start up.

Am I right in the way that I read the divert line?

I get lines like

	Mar 19 20:57:50 gavin1 /kernel: ipfw: 100 Divert 23 TCP
		mach1:1625 mach2:80 in via ed0

in my IPFW logfiles but I don't see a telnet session.

The test is a precursor to getting FreeBSD 4.0 working with squid 2.3 to
act as a transparent proxy for packets directed to it by an Alteon
CacheDirector. If someone already have a working config (both IPFW and
squid) for this scenario and wouldn't mind parting with it I'd be very
appreciative.

Cheers and thanks,
Gavin

[]-----------------------------------+------------------------------------[]
| Gavin Cameron                      |          ITworks Consulting         |
| Ph    : +61 3 9642 5477            |       Level 8, 488 Bourke Street    |
| Fax   : +61 3 9642 5499            |         Melbourne,  Victoria        |
| Email : gavin@itworks.com.au       |           Australia,  3000          |
[]-----------------------------------+------------------------------------[]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message