Date: Tue, 14 Sep 1999 17:15:48 -0400
From: Andre@HighCaliber.com (Andre Chang)
To: "Julian Elischer" <julian@whistle.com>
Cc: <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: IPFW configuration as a transparent proxy
Message-ID: <028101befef6$50f47300$1ad2d9ce@work.highcaliber.com>
Thanks for the information, I however still haven't figured out my problem..
here it is:

I'm using only one interface on the machine running IPFW (fxp1 - the machine
has 2 interfaces but I'm only using one)
the client, IPFW and the proxy machine are on the same subnet (win98,
FreeBSD 3.2-RELEASE and NT4.0 proxy respectively)
the client's gateway is the IPFW machine
the rule on the IPFW machine:

ipfw add 500 fwd 10.0.0.1,80 log tcp from 10.0.0.100 to any 80 in recv fxp1

For testing purposes I specified logging and the actual ip of the client.
The logs show a matched rule when I attempt to open the browser:

ipfw: 500 Forward to 10.0.0.1:80 TCP 10.0.0.100:1158 204.141.86.3:80 in via fxp1

This looks ok but then the browser returns an unable to connect message.
I can't seem to figure out what is wrong here.
Any insight will be greatly appreciated. Thanks for the existing comments.

-- Andre Chang
Network Engineer.
High Caliber Systems, Inc.

-----Original Message-----
From: Julian Elischer <julian@whistle.com>
To: Andre Chang <Andre@HighCaliber.com>
Cc: freebsd-ipfw@FreeBSD.ORG <freebsd-ipfw@FreeBSD.ORG>
Date: Tuesday, September 14, 1999 2:37 PM
Subject: Re: IPFW configuration as a transparent proxy

>The fwd option forces a packet to be sent to:
>
> 1/ a nominated local socket
>or
> 2/ out a nominated interface to a nominated 2nd machine.
>
>However it doesn't change the packet in any way.. this means that in case
>(2) above, the second machine will not accept the packet unless it also
>has a 'fwd' rule to make it do so (as in case 1). If this is not the
>case, it will examine the packet and send it towards its original
>destination.
>
>In the first case, this basically allows transparent proxy, by redirecting
>all outgoing requests to port 80 (that are not starting at the local
>machine) (i.e. requests coming in on the local interface that would
>normally be routed out your WAN interface) to be redirected to whatever
>port your proxy is listening on.
>
>e.g.
>ipfw add 2 fwd 127.0.0.1,3137 tcp from any to any 80 out recv ed1 xmit ng0
>
>This redirects any packets that are about to go out through ng0 (our LAN
>frame relay link), that originated on the LAN (ed1). The reason for being so
>specific is that we don't want to capture the requests that the proxy
>makes!
>
>hope this helps!
>
>julian
>
>
>On Tue, 14 Sep 1999, Andre Chang wrote:
>
>> Hello,
>>
>> I would like to know if this is the place to ask about configuring IPFW to
>> serve
>> as a transparent proxy by use of the IPFW's "fwd" option.
>>
>> Is there anyone who has used this option toward this goal or something
>> similar?
>> Any response on this topic would be greatly appreciated. Thank You.
>>
>> -- Andre Chang
>> Network Engineer.
>> High Caliber Systems, Inc.
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-ipfw" in the body of the message
>>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?028101befef6$50f47300$1ad2d9ce>
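
Added example (not part of the original thread and not ipfw's own code): a Python check that reads ipfw "Forward to" log entries in the layout Andre quotes and sorts them into Julian's case 1 (next hop is an address on this machine) and case 2 (next hop is another machine, which receives the packet with its original destination unchanged). The address 10.0.0.2 for the ipfw machine and the second and third log lines are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Layout of an ipfw "Forward to" log entry, taken from the line quoted in the thread.
FWD_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Forward to (?P<hop>[\d.]+):(?P<hop_port>\d+) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def classify(line, local_addrs):
    """Return a dict describing one fwd log entry, or None if it is not one."""
    m = FWD_RE.search(line)
    if m is None:
        return None
    hop, dst = ip_address(m["hop"]), ip_address(m["dst"])
    local = {ip_address(a) for a in local_addrs}
    if hop.is_loopback or hop in local:
        case = 1  # fwd to a nominated local socket
        note = f"handed to local socket {hop}:{m['hop_port']}"
    else:
        case = 2  # fwd to a second machine; the packet itself is not rewritten
        note = (f"{hop} receives a packet still addressed to {dst}:{m['dport']}; "
                "without its own fwd rule it will not accept it")
    return {"rule": int(m["rule"]), "case": case, "next_hop": str(hop),
            "packet_dst": f"{dst}:{m['dport']}", "note": note}

def remote_forwards(lines, local_addrs):
    """Rule numbers whose forwards leave this machine (case 2)."""
    hits = (classify(l, local_addrs) for l in lines)
    return sorted({h["rule"] for h in hits if h and h["case"] == 2})

# Assumption: 10.0.0.2 stands in for the ipfw machine's own address (not given in the thread).
LOCAL_ADDRS = {"10.0.0.2"}
SAMPLE_LOG = [
    # Quoted in the thread:
    "ipfw: 500 Forward to 10.0.0.1:80 TCP 10.0.0.100:1158 204.141.86.3:80 in via fxp1",
    # Constructed: a local-socket forward written in the same layout.
    "ipfw: 2 Forward to 127.0.0.1:3137 TCP 10.0.0.100:1159 204.141.86.3:80 out via ng0",
    # Constructed: an unrelated entry that must be ignored.
    "ipfw: 600 Deny TCP 10.0.0.100:1160 204.141.86.3:23 in via fxp1",
]

if __name__ == "__main__":
    for entry in filter(None, (classify(l, LOCAL_ADDRS) for l in SAMPLE_LOG)):
        print(entry["rule"], "case", entry["case"], "-", entry["note"])
```
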
