From owner-freebsd-questions@FreeBSD.ORG  Wed Feb 11 06:20:05 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2514316A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 11 Feb 2004 06:20:05 -0800 (PST)
Received: from out1.smtp.messagingengine.com (out1.smtp.messagingengine.com
	[66.111.4.25])	by mx1.FreeBSD.org (Postfix) with ESMTP id 0F57943D1F
	for <freebsd-questions@freebsd.org>;
	Wed, 11 Feb 2004 06:20:05 -0800 (PST)
	(envelope-from nkinkade@fastmail.fm)
X-Sasl-enc: pOyp5L1aBTr9vYfkLNYZUQ 1076509203
Received: from [206.26.199.146] (unknown [206.27.244.214])
	by www.fastmail.fm (Postfix) with ESMTP id 1A1564E5D8B;
	Wed, 11 Feb 2004 09:20:02 -0500 (EST)
Received: from nkinkade by [206.26.199.146] with local (Exim 4.12)
	id 1AqvDK-0002jL-00; Wed, 11 Feb 2004 08:19:42 -0600
Date: Wed, 11 Feb 2004 08:19:42 -0600
From: Nathan Kinkade <nkinkade@ub.edu.bz>
To: Markus Kovero <markus.kovero@grafikansi.fi>
Message-ID: <20040211141942.GA6762@nkinkade>
Mail-Followup-To: Markus Kovero <markus.kovero@grafikansi.fi>,
	freebsd-questions@freebsd.org
References: <200402110921.i1B9LaY18818@nalle.netsonic.fi>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
In-Reply-To: <200402110921.i1B9LaY18818@nalle.netsonic.fi>
User-Agent: Mutt/1.4.1i
Sender: Nathan Kinkade <nkinkade@[206.26.199.146]>
cc: freebsd-questions@freebsd.org
Subject: Re: ipnat transparent www proxy question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Nathan Kinkade <nkinkade@ub.edu.bz>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Feb 2004 14:20:05 -0000


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Feb 11, 2004 at 11:21:36AM +0200, Markus Kovero wrote:
> I would like to do transparent www proxy for nat-network which is
> 172.16.0.0/24 and wwwproxy being $ispcache
> I told ipnat to do:
> rdr xl0 from 172.16.0.0/24 to any port =3D 80 -> $ispcache port 8080 tcp
>=20
> but all www connections go straight through, not through cache.
> xl0 is LAN interface.
>=20
> Any clue?
>=20
> Markus Kovero

What is the output of `ipfw list`?  You should probably add a rule
something like the following just after your NAT divert rule:

$ ipfw add fwd $ispcache,8080 tcp from any to any dst-port 80 in

Nathan
--=20
gpg --keyserver pgp.mit.edu --recv-keys D8527E49

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQFAKjn+O0ZIEthSfkkRAnEXAJ9iaiqNHvzsZnPKFuWYodSFd1TMaACg1Mzh
qL0EeuALhwdDZeJeXJ83zMY=
=yjtg
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--