Date: Wed, 16 Jan 2002 01:39:47 +0800
From: slack@suntop-cn.com
To: freebsd-questions@freebsd.org
Subject: transparent proxy problem
Message-ID: <3C44D9E3.30625.90B036@localhost>

Hi, everybody,

I need to intercept all outgoing web traffic (TCP port 80) and redirect it to
an internal proxy, say 192.168.1.15. Can anyone give me an ipfw+natd solution?

1. I can use an ipfw "fwd" command + tproxy to do it, but I don't like it; it
makes me unable to do user auth.
2. If I use an ipfw "fwd" command to redirect traffic to 192.168.1.5, it doesn't
work; simply no traffic is put to 172.16.1.253 (running tcpdump captures nothing).
3. I tried ipfw + natd many times, but without success; it cost me 3 days. Can someone
write a set of rules for me? I must have made some stupid mistake but am not aware of it.

my rule on 172.16.1.254:
# allow all packets from lo0 any to any
${fwcmd} add allow all from any to any via lo0
# setup localnet interface rules
${fwcmd) add allow 192.168.1.15 to any 80 in via ${iif}
${fwcmd} add divert 81 tcp from any to any 80 in via ${iif}
${fwcmd} add allow all from any to any via ${iif}
# set nat rules
${fwcmd} add divert natd all from any to any via ${oif}
........
my natd rule on 172.16.1.254:
natd -interface rl0 -port 81 -reverse -proxy_only -proxy_rule port 80 server 192.16.1.15:8002

internal network 1: 192.168.1.0/24 gateway 192.168.1.5
internal network 2: 172.16.0.0/16  gateway 172.16.1.253 (to 192net)
                                   gateway 172.16.1.254 (internet)

192.168.1.0/24 ----------172.16.0.0/16-------internet
                   |                     |
              192.168.1.5           172.16.1.254
              172.16.1.253          1.2.3.4(dynamic valid IP)

edwin chen
