Date: Mon, 28 Jul 2003 00:11:00 -0400
From: Josh Osborne
To: freebsd-net@freebsd.org
Message-ID: <20030728001100.A12957@meketrex.pix.net>
Subject: user ppp's "nat proxy" under FreeBSD 5.1

I'm using the user land ppp under 5.1 and I have this in the ppp.conf:

  nat enable yes
  nat log yes
  nat unregistered_only yes
  nat proxy type no_encode port 80 server 10.0.0.1:3128 proto tcp src 10.0.0.29

Before I execute the proxy line the web browser on 10.0.0.29 works fine, after it is dead in the water. (10.0.0.1 is the same machine that is running the user land ppp, and doing the NATing.)

The web proxy (squid) on 10.0.0.1 doesn't see any requests. To remove configuration of squid from the picture I just ran "ttcp -r -p 3128" on 10.0.0.1. I attempted to use the web browser on 10.0.0.29 again, and got nothing (no connections to ttcp, and nothing in the web browser). When I just attempted to connect to 10.0.0.1:3128 from a random port on 10.0.0.29 I saw the connection just fine.

I built a copy of libalias and ppp with debugging on and set some breakpoints. The libalias code is definitely attempting to do *something* with the port 80 connections, but I can't really tell what.

Is that proxy line roughly correct? Is it expected to work on 5.1? Am I smoking too much crack? Not enough? Is there a better way to do this anyway?