From owner-freebsd-questions@FreeBSD.ORG Tue Sep 14 04:54:58 2004
From: Subhro <subhro.kar@gmail.com>
To: JP
cc: freebsd-questions@freebsd.org
Date: Tue, 14 Sep 2004 10:24:49 +0530
Subject: Re: Configuring IPFW (Firewall) and Proxy/Nylon, Help Please
References: <20040913232615.26445.qmail@web40102.mail.yahoo.com>
List-Id: User questions

On Tue, 14 Sep 2004 10:22:16 +0530, Subhro wrote:
> Hello,
>
> On Mon, 13 Sep 2004 16:26:15 -0700 (PDT), JP wrote:
> > Hello There,
> >
> > I currently am running 5.2.1-Release, which is configured as a gateway
> > with kernel firewall support. I have installed Squid (Proxy) and Nylon
> > (SOCKS), which seem to be configured fine. However, I need help in
> > getting all http/https traffic to only route to the proxy (Port 3128)
> > and all other traffic to point to nylon (Port 1080). This way the proxy
> > and socks server cannot be circumvented. Could someone please suggest
> > some tips or a website? I am using the standard rc.firewall
> > configuration.
>
> http runs on port 80 by default and https on port 443, so you can
> divert incoming traffic on ports 80 and 443 to port 3128. And do not
> forget to save the states for the incoming traffic or the reply
> traffic won't get through.
>
> For the latter section you can set up a default divert for everything
> to port 1080.
>
> > Thanks!
>
> You are welcome.
>
> > Below is my rc.conf file:
> >
> > ---------------
> >
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_type="OPEN"   <<--- you need to remove this and make it point to your firewall ruleset file
> > natd_enable="YES"      <<--- you need to comment this out, because if natd is running the clients can get through the NAT anyway and avoid the proxy.
> > natd_interface="ed0"
> > #natd_flags="-f /etc/natd.conf"
> > hostname="******"
> > ifconfig_ed0="DHCP"
> > inetd_enable="YES"
> > keyrate="fast"
> > sshd_enable="YES"
> > usbd_enable="YES"

Sorry to backpost, but what are you trying to achieve with the next two lines?

> > ifconfig_dc0="inet 192.168.1.254 netmask 255.255.255.0"
> > defaultrouter="192.168.1.254"

Regards
S.

--
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India
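An added example, not code from the thread and not FreeBSD's own rc.firewall, of the kind of ipfw ruleset the exchange above is aiming at. It is written for the interfaces in JP's rc.conf, dc0 as the LAN side with 192.168.1.0/24 and ed0 as the WAN side; Squid listening on 127.0.0.1:3128, nylon on 127.0.0.1:1080 and sshd on the gateway are assumptions. Three things a practitioner would check before copying it: the ipfw action that hands a packet to a local proxy is fwd (it needs options IPFIREWALL_FORWARD in the kernel and Squid configured for transparent interception), while divert is the mechanism natd uses; HTTPS cannot be intercepted this way, because the client's TLS handshake is aimed at port 443 and Squid's HTTP port cannot answer it; and SOCKS cannot be made transparent by redirection at all, since a SOCKS client performs the SOCKS handshake before sending its payload, so nylon only serves clients that are configured to use it. The ruleset therefore redirects only port 80, permits explicit connections to 3128 and 1080, and denies every other connection the LAN originates, which is what actually closes the bypass; with natd disabled there is no other path out.

```shell
#!/bin/sh
# Added example (not from the original thread): an ipfw ruleset that forces a
# LAN through Squid and nylon instead of letting it reach the Internet directly.
# Assumptions constructed from JP's rc.conf, not confirmed by the thread:
#   LAN interface dc0 with 192.168.1.0/24, WAN interface ed0 (DHCP),
#   Squid on 127.0.0.1:3128, nylon on 127.0.0.1:1080, sshd on the gateway.
# The fwd action requires "options IPFIREWALL_FORWARD" in the kernel.
set -eu

# gen_rules LAN_IF WAN_IF LAN_NET
# Prints a ruleset in the format /etc/rc.firewall feeds to ipfw when
# firewall_type names a file (one ipfw subcommand per line, no "ipfw" prefix).
gen_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3
    cat <<EOF
# Dynamic rules first, so replies for keep-state rules get through.
add 100 check-state
add 200 allow ip from any to any via lo0
# The gateway itself needs DHCP on the WAN side (ifconfig_${wan_if}="DHCP").
add 300 allow udp from me 68 to any 67 out via ${wan_if}
add 310 allow udp from any 67 to me 68 in via ${wan_if}
# Connections originated by the gateway: Squid and nylon connect to remote
# servers from here, so only "me" may leave via ${wan_if}. No natd, no LAN path.
add 400 allow tcp from me to any out via ${wan_if} setup keep-state
add 410 allow udp from me to any 53 out via ${wan_if} keep-state
# Transparent redirect: LAN HTTP is handed to the local Squid socket.
add 500 fwd 127.0.0.1,3128 tcp from ${lan_net} to any 80 in via ${lan_if}
# Squid's replies leave with the original server address and port 80 as source.
add 510 allow tcp from any 80 to ${lan_net} out via ${lan_if} established
# Clients explicitly configured for the proxy or the SOCKS server, plus ssh.
add 600 allow tcp from ${lan_net} to me 3128,1080 in via ${lan_if} setup keep-state
add 610 allow tcp from ${lan_net} to me 22 in via ${lan_if} setup keep-state
# Every other connection the LAN opens, HTTPS included, is logged and dropped.
add 900 deny log tcp from ${lan_net} to any in via ${lan_if} setup
add 65000 deny log ip from any to any
EOF
}

# Default: print the ruleset. With "apply": flush and load it live (run as root
# on the gateway, from the console, because the flush drops existing sessions).
if [ "${1:-print}" = "apply" ]; then
    tmp=$(mktemp)
    gen_rules dc0 ed0 192.168.1.0/24 > "$tmp"
    ipfw -q flush
    ipfw -q "$tmp"
    rm -f "$tmp"
else
    gen_rules dc0 ed0 192.168.1.0/24
fi
```

To make the ruleset persistent, save the printed output to a file such as /etc/ipfw.rules and set firewall_type="/etc/ipfw.rules" in rc.conf in place of firewall_type="OPEN"; /etc/rc.firewall loads a file named there at boot. Squid must separately be set up for transparent interception, otherwise the redirected requests, which carry no proxy-style absolute URL, are rejected.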