From owner-freebsd-questions Tue Jan 15 9:38:25 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from www.suntop-cn.com (www.suntop-cn.com [61.140.76.155]) by hub.freebsd.org (Postfix) with ESMTP id 022D337B404 for ; Tue, 15 Jan 2002 09:38:22 -0800 (PST)
Received: from win ([61.144.147.202]) (authenticated) by www.suntop-cn.com (8.11.3/8.11.3) with ESMTP id g0FHcAX71288 for ; Wed, 16 Jan 2002 01:38:14 +0800 (CST) (envelope-from slack@suntop-cn.com)
From: slack@suntop-cn.com
To: freebsd-questions@freebsd.org
Date: Wed, 16 Jan 2002 01:39:47 +0800
MIME-Version: 1.0
Subject: transparent proxy problem
Message-ID: <3C44D9E3.30625.90B036@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Hi, everybody,

I need to intercept all outgoing web traffic (tcp port 80) and redirect it to an internal proxy, say 192.168.1.15. Can anyone give me an ipfw+natd solution?

1. I can use an ipfw "fwd" command + tproxy to do it, but I don't like it; it makes me unable to do user auth.

2. If I use the ipfw "fwd" command to redirect traffic to 192.168.1.5, it doesn't work; simply no traffic is put to 172.16.1.253 (running tcpdump captures nothing).

3. I have tried ipfw + natd many times, but with no success; it cost me 3 days. Can someone write a set of rules for me? I must have made some stupid mistake but am not aware of it.

My rules on 172.16.1.254:

    # allow all packets from lo0 any to any
    ${fwcmd} add allow all from any to any via lo0

    # setup localnet interface rules
    # the proxy's own outbound HTTP must be allowed before the divert rule,
    # otherwise it would be redirected back to itself
    ${fwcmd} add allow tcp from 192.168.1.15 to any 80 in via ${iif}
    # everything else bound for port 80 from the LAN goes to natd on divert port 81
    ${fwcmd} add divert 81 tcp from any to any 80 in via ${iif}
    ${fwcmd} add allow all from any to any via ${iif}

    # set nat rules
    ${fwcmd} add divert natd all from any to any via ${oif}
    ........
My natd rule on 172.16.1.254:

    # -port 81:       listen on divert port 81 (matches the "divert 81" rule)
    # -reverse:       reverse the direction of operation
    # -proxy_only:    only do transparent proxying, no address translation
    # -proxy_rule:    send port 80 to the proxy server
    # note: the server address 192.16.1.15 here differs from the 192.168.1.15
    # used in the ipfw rules above
    natd -interface rl0 -port 81 -reverse -proxy_only -proxy_rule port 80 server 192.16.1.15:8002

internal network 1: 192.168.1.0/24, gateway 192.168.1.5
internal network 2: 172.16.0.0/16, gateway 172.16.1.253 (to 192 net), gateway 172.16.1.254 (internet)

    192.168.1.0/24 ---------- 172.16.0.0/16 ------- internet
          |                          |
     192.168.1.5                172.16.1.254
     172.16.1.253               1.2.3.4 (dynamic valid IP)

edwin chen

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
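The rule set in the message depends on ipfw's first-match evaluation: the allow for 192.168.1.15 has to sit before the "divert 81" rule, or the proxy's own outbound requests would be handed to natd and redirected back to the proxy. The following is an added example, not code from the original post or from FreeBSD: a small first-match simulator over the quoted rules that checks this ordering. The interface names (rl1 as ${iif}, rl0 as ${oif}), the sample packets and the destination address 203.0.113.10 are constructed assumptions; nothing touches a real firewall.

```python
"""
Added example (not from the original post): first-match simulation of the
ipfw rule set quoted in the message, used to check that traffic the proxy
itself sends to port 80 is allowed before the "divert 81" rule would catch it.
Interface names and packets below are assumptions constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str               # "allow", "divert 81" or "divert natd"
    proto: str                # "all" or "tcp"
    src: str                  # "any" or an address/prefix
    dport: Optional[int]      # destination port, None = any
    direction: Optional[str]  # "in", "out", or None for both
    iface: Optional[str]      # "via" interface, None = any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    direction: str
    iface: str


IIF, OIF = "rl1", "rl0"      # assumed ${iif} (LAN side) and ${oif} (internet side)
PROXY = "192.168.1.15"

# The poster's rules, in the order given.
RULES: List[Rule] = [
    Rule("allow", "all", "any", None, None, "lo0"),
    Rule("allow", "tcp", PROXY, 80, "in", IIF),
    Rule("divert 81", "tcp", "any", 80, "in", IIF),
    Rule("allow", "all", "any", None, None, IIF),
    Rule("divert natd", "all", "any", None, None, OIF),
]

# Same rules with the allow/divert pair swapped, to show the failure mode.
SWAPPED: List[Rule] = [RULES[0], RULES[2], RULES[1], RULES[3], RULES[4]]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field the rule constrains agrees with the packet."""
    if rule.proto != "all" and rule.proto != pkt.proto:
        return False
    if rule.src != "any":
        net = ipaddress.ip_network(rule.src, strict=False)
        if ipaddress.ip_address(pkt.src) not in net:
            return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    return True


def first_match(rules: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """ipfw semantics: the first matching rule decides; the default is deny."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return number, rule.action
    return 65535, "deny"


def proxy_loop_risk(rules: List[Rule]) -> bool:
    """True if the proxy's own outbound HTTP would be diverted to natd."""
    pkt = Packet("tcp", PROXY, "203.0.113.10", 80, "in", IIF)
    return first_match(rules, pkt)[1] == "divert 81"


# Constructed sample traffic as it would be seen on 172.16.1.254.
client_http = Packet("tcp", "192.168.1.20", "203.0.113.10", 80, "in", IIF)
proxy_http = Packet("tcp", PROXY, "203.0.113.10", 80, "in", IIF)
proxy_http_out = Packet("tcp", PROXY, "203.0.113.10", 80, "out", OIF)
client_ssh = Packet("tcp", "192.168.1.20", "203.0.113.10", 22, "in", IIF)

if __name__ == "__main__":
    for name, pkt in [("client http", client_http), ("proxy http", proxy_http),
                      ("proxy http out", proxy_http_out), ("client ssh", client_ssh)]:
        print(f"{name:15s} -> {first_match(RULES, pkt)}")
    print("loop risk, rules as posted:", proxy_loop_risk(RULES))
    print("loop risk, allow/divert swapped:", proxy_loop_risk(SWAPPED))
```

Running it shows a LAN client's HTTP hitting rule 3 (divert 81), the proxy's HTTP hitting rule 2 (allow) on the way in and rule 5 (divert natd) on the way out, and the swapped ordering flagging the loop. The simulator only models the fields the quoted rules use; it says nothing about whether natd's proxy target is reachable, which is a separate thing to check.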