Date: Wed, 10 Jan 2007 13:20:20 +0545 From: Tek Bahadur Limbu <teklimbu@wlink.com.np> To: freebsd-questions@FreeBSD.ORG, teklimbu@wlink.com.np Cc: olli@lurza.secnetix.de, freebsd-questions@FreeBSD.ORG Subject: Re: Using IPFW to bypass hotmail.com Message-ID: <20070110132020.ca39af02.teklimbu@wlink.com.np> In-Reply-To: <200701091428.l09ESiAR011052@lurza.secnetix.de> References: <20070109162922.9549fa55.teklimbu@wlink.com.np> <200701091428.l09ESiAR011052@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 9 Jan 2007 15:28:44 +0100 (CET) Oliver Fromme <olli@lurza.secnetix.de> wrote: > Tek Bahadur Limbu wrote: > > I run a transparent squid proxy using IPFW below: > > > > ipfw -q add allow tcp from 192.168.55.0/24 to any 3128 in via > > bge0 > > That's not the rule for transparent proxying. For that you > need a "forward" (or "fwd") rule, not an "allow" rule. > (Of course, the "allow" rule above might still be needed, > but it's not the one that actually enables the transparent > proxying). > > > Now I want the IP: 192.168.55.22 to bypass Squid when requesting > > www.hotmail.com. > > > > How do I go about doing this using IPFW? Can somebody shed some > > light on this issue? > > Simply add an "allow" rule for that IP, and place it > _before_ the "forward" (or "fwd") rule in your rule set: > > allow tcp from 192.168.55.22 to www.hotmail.com > > Note that the hostname is not resolved dynamically, but > at the time the rule is added to teh rule set. > > Best regards > Oliver > > -- > Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing > Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd > Any opinions expressed in this message may be personal to the author > and may not necessarily reflect the opinions of secnetix in any way. > > "To this day, many C programmers believe that 'strong typing' > just means pounding extra hard on the keyboard." > -- Peter van der Linden > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > Dear Oliver Fromme, Thanks for your input. I really appreciate it. I have rechecked my firewall and I do have the following rule: $IPFW add fwd 127.0.0.1,3128 tcp from any to any 80 in I have place your rule on top of the above rules like this: ipfw -q allow tcp from 192.168.55.22 to www.hotmail.com ipfw -a add fwd 127.0.0.1,3128 tcp from any to any 80 in ipfw -q add allow tcp from 192.168.55.0/24 to any 3128 in via bge0 Are the above rules correct ? Once again, thanks alot. -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFFpJc4VrOl+eVhOvYRAigpAJ9WDSsy7CsXtCI9qKwXLqsujnmHXQCcDstb wwjEiMWm0P280aBFuhDsq+0= =Vcsn -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070110132020.ca39af02.teklimbu>