From owner-freebsd-questions@FreeBSD.ORG Wed Jan 10 07:35:38 2007 Return-Path: X-Original-To: freebsd-questions@FreeBSD.ORG Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id AF31216A403 for ; Wed, 10 Jan 2007 07:35:38 +0000 (UTC) (envelope-from teklimbu@wlink.com.np) Received: from smtp5.wlink.com.np (smtp5.wlink.com.np [202.79.32.52]) by mx1.freebsd.org (Postfix) with SMTP id 8DC8013C442 for ; Wed, 10 Jan 2007 07:35:34 +0000 (UTC) (envelope-from teklimbu@wlink.com.np) Received: (qmail 72106 invoked from network); 10 Jan 2007 07:35:30 -0000 Received: from unknown (HELO smtp1.wlink.com.np) (202.79.32.76) by 0 with SMTP; 10 Jan 2007 07:35:30 -0000 Received: (qmail 9827 invoked by uid 98); 10 Jan 2007 07:35:30 -0000 Received: from 202.79.36.216 by smtp1.wlink.com.np (envelope-from , uid 1009) with qmail-scanner-1.25 (clamdscan: 0.88.4/2205. Clear:RC:1(202.79.36.216):. Processed in 0.062557 secs); 10 Jan 2007 07:35:30 -0000 X-Qmail-Scanner-Mail-From: teklimbu@wlink.com.np via smtp1.wlink.com.np X-Qmail-Scanner: 1.25 (Clear:RC:1(202.79.36.216):. Processed in 0.062557 secs) Received: from [202.79.36.216] (HELO teklimbu.wlink.com.np) by smtp1.wlink.com.np (qmail-smtpd) with SMTP; 10 Jan 2007 07:35:24 -0000 (Wed, 10 Jan 2007 13:20:24 +0545) Received: (qmail 63129 invoked by uid 1009); 10 Jan 2007 07:35:21 -0000 Received: from unknown (HELO teklimbu.wlink.com.np) (202.79.36.216) by teklimbu.wlink.com.np with SMTP; 10 Jan 2007 07:35:21 -0000 Date: Wed, 10 Jan 2007 13:20:20 +0545 From: Tek Bahadur Limbu To: freebsd-questions@FreeBSD.ORG, teklimbu@wlink.com.np Message-Id: <20070110132020.ca39af02.teklimbu@wlink.com.np> In-Reply-To: <200701091428.l09ESiAR011052@lurza.secnetix.de> References: <20070109162922.9549fa55.teklimbu@wlink.com.np> <200701091428.l09ESiAR011052@lurza.secnetix.de> Organization: Worldlink Communications Pvt. Ltd. X-Mailer: Sylpheed version 2.2.0 (GTK+ 2.8.12; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Check-By: smtp1.wlink.com.np Spam: No ; 0.1 / 5.0 X-Spam-Status-WL: No, hits=0.1 required=5.0 Cc: olli@lurza.secnetix.de, freebsd-questions@FreeBSD.ORG Subject: Re: Using IPFW to bypass hotmail.com X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jan 2007 07:35:38 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 9 Jan 2007 15:28:44 +0100 (CET) Oliver Fromme wrote: > Tek Bahadur Limbu wrote: > > I run a transparent squid proxy using IPFW below: > > > > ipfw -q add allow tcp from 192.168.55.0/24 to any 3128 in via > > bge0 > > That's not the rule for transparent proxying. For that you > need a "forward" (or "fwd") rule, not an "allow" rule. > (Of course, the "allow" rule above might still be needed, > but it's not the one that actually enables the transparent > proxying). > > > Now I want the IP: 192.168.55.22 to bypass Squid when requesting > > www.hotmail.com. > > > > How do I go about doing this using IPFW? Can somebody shed some > > light on this issue? > > Simply add an "allow" rule for that IP, and place it > _before_ the "forward" (or "fwd") rule in your rule set: > > allow tcp from 192.168.55.22 to www.hotmail.com > > Note that the hostname is not resolved dynamically, but > at the time the rule is added to teh rule set. > > Best regards > Oliver > > -- > Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing > Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd > Any opinions expressed in this message may be personal to the author > and may not necessarily reflect the opinions of secnetix in any way. > > "To this day, many C programmers believe that 'strong typing' > just means pounding extra hard on the keyboard." > -- Peter van der Linden > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > Dear Oliver Fromme, Thanks for your input. I really appreciate it. I have rechecked my firewall and I do have the following rule: $IPFW add fwd 127.0.0.1,3128 tcp from any to any 80 in I have place your rule on top of the above rules like this: ipfw -q allow tcp from 192.168.55.22 to www.hotmail.com ipfw -a add fwd 127.0.0.1,3128 tcp from any to any 80 in ipfw -q add allow tcp from 192.168.55.0/24 to any 3128 in via bge0 Are the above rules correct ? Once again, thanks alot. -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (FreeBSD) iD8DBQFFpJc4VrOl+eVhOvYRAigpAJ9WDSsy7CsXtCI9qKwXLqsujnmHXQCcDstb wwjEiMWm0P280aBFuhDsq+0= =Vcsn -----END PGP SIGNATURE-----