From: Edwin Culp
To: whizkid@ValueDJ.com
Cc: freebsd-ipfw@freebsd.org
Date: Sun, 28 Mar 2004 07:04:54 -0600
Subject: Re: FreeBSD Tansparent Proxy with ipfw & natd
Message-ID: <20040328070454.3og08ss4gkgwksco@mail.viviendaatualcance.com.mx>
In-Reply-To: <1088.216.100.130.17.1080447627.squirrel@www.ValueDJ.com>

Quoting whizkid@ValueDJ.com:

> I have seen lots of pages on Google on how to set up Squid as a Transparent
> Proxy server on FreeBSD. However, most of these refer to 4.9 stable, using
> IPTables. I am currently using natd and ipfw. Here are my Firewall rules

< SHORTEN A BIT >

> How would I set it so all incoming packets from xl0 would get redirected
> to port 8080 for the proxy server? I want to set up DansGuardian for
> content filtering and I don't want the people who will be using my network
> to find a way around disabling the Proxy in the browser.

I would try something like the following, which should be around 6001, before
NATing.

    add 6001 fwd 127.0.0.1,8080 tcp from 192.168.1.0/24 to any 80

I have a rule before that which allows port 80 access for "me" to not use
squid for our local intranet traffic, and I have a forward rule after the
above but before NATing to send the squid request out through an interface
that is not the default route to a second ISP that is just for squid traffic,
then I NAT.

YMMV, good luck,

ed

>
> Anyone have any ideas?
>
> Thanks for your help
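
The rule ordering described in the reply above, written out as an rc.firewall-style script. This is an added example, not part of the original thread: the rule numbers 6000 and 6100, the outside interface name fxp0, the exact form of the bypass rule, and the `in recv` qualifiers are assumptions, while xl0, 192.168.1.0/24 and 127.0.0.1,8080 come from the messages.

```sh
#!/bin/sh
# Added example (not from the thread): bypass rule, then the fwd rule at 6001,
# then the natd divert, in that order.
# Prerequisite on FreeBSD of this era: a kernel built with
# "options IPFIREWALL_FORWARD", otherwise the fwd action is not available.

FW="${FW:-echo ipfw}"        # dry run by default; FW=/sbin/ipfw applies the rules
LAN_IF="xl0"                 # inside interface, from the original question
LAN_NET="192.168.1.0/24"     # LAN range, from the reply
WAN_IF="${WAN_IF:-fxp0}"     # assumption: outside interface name
PROXY="127.0.0.1,8080"       # local proxy listener, from the reply

transparent_proxy_rules() {
    # 6000 (assumed number): HTTP aimed at this host's own addresses ("me"),
    # e.g. a local intranet web server, is accepted and never reaches the proxy.
    $FW add 6000 allow tcp from "$LAN_NET" to me 80 in recv "$LAN_IF"

    # 6001: all other LAN HTTP arriving on the inside interface is handed to
    # the proxy. Matching only LAN sources on the inbound pass keeps the
    # proxy's own outbound fetches from being forwarded back to itself.
    $FW add 6001 fwd "$PROXY" tcp from "$LAN_NET" to any 80 in recv "$LAN_IF"

    # 6100 (assumed number): NAT comes after the interception rules.
    $FW add 6100 divert natd ip from any to any via "$WAN_IF"
}

transparent_proxy_rules
```

Only TCP port 80 from the LAN is intercepted; web traffic on any other port does not pass through the filter unless separate rules cover it.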