From: Andrew Thomson
To: freebsd-questions@freebsd.org
Date: Mon, 16 Jun 2003 10:19:15 +1000
Subject: Re: ipfirewall_forward

On Mon, Jun 16, 2003 at 10:09:34AM +1000, Andrew Thomson wrote:
> i'm working on setting up a transparent squid proxy.
>
> would like to clarify what the forward stuff actually does..
>
> this is what I thought was happening..
>
> ipfw2 initialized, divert enabled, rule-based forwarding enabled,
> default to accept, logging unlimited
>
> 00500 fwd 192.168.1.2 tcp from any to any dst-port 80
> 65535 allow ip from any to any
>
> i just thought i'd muck around with apache atm.. i hit the box with these
> rules on it on port 80, and the request is never fwd'ed to 192.168.1.2
>
> is this what's supposed to happen??
>
> a tcpdump port 80 on both hosts show in the incoming http from the
> client, however nothing on the machine having the packets forwarded..
>
> can someone clarify this for me?
>
> thanks,
>
> ajt.
>

just tested some more.. and i assume this fwd business is for just pushing packets around on the same host..

i snuck in rule 400 as a test..

00400 fwd 192.168.1.1,3128 tcp from any to any dst-port 80
00500 fwd 192.168.1.2 tcp from any to any dst-port 80

1.1 is what i'm typing in my browser.. originally i was hoping this would be forwarded to 1.2.. but was getting no love..

however when i fwd to the same host as i type in the browser, the fwd works..

i take it this is its use??

so how do I do what I want to do??

thanks,

ajt.