From owner-freebsd-net@FreeBSD.ORG  Wed Feb 28 08:38:33 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 15C2D16A400
	for <freebsd-net@freebsd.org>; Wed, 28 Feb 2007 08:38:33 +0000 (UTC)
	(envelope-from ml.diespammer@netfence.it)
Received: from parrot.aev.net (parrot.aev.net [212.31.247.179])
	by mx1.freebsd.org (Postfix) with ESMTP id 9473013C4B4
	for <freebsd-net@freebsd.org>; Wed, 28 Feb 2007 08:38:32 +0000 (UTC)
	(envelope-from ml.diespammer@netfence.it)
Received: from soth.ventu (adsl-ull-42-242.51-151.net24.it [151.51.242.42])
	(authenticated bits=128)
	by parrot.aev.net (8.14.0/8.13.8) with ESMTP id l1S8jrxQ024495
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Wed, 28 Feb 2007 09:46:00 +0100 (CET)
	(envelope-from ml.diespammer@netfence.it)
Received: from [10.1.2.18] (alamar.ventu [10.1.2.18])
	by soth.ventu (8.14.0/8.13.8) with ESMTP id l1S8cmgE021824;
	Wed, 28 Feb 2007 09:38:48 +0100 (CET)
	(envelope-from ml.diespammer@netfence.it)
Message-ID: <45E53F7D.4030703@netfence.it>
Date: Wed, 28 Feb 2007 09:38:21 +0100
From: Andrea Venturoli <ml.diespammer@netfence.it>
User-Agent: Thunderbird 1.5.0.9 (X11/20070119)
MIME-Version: 1.0
To: Robert Watson <rwatson@freebsd.org>
References: <45E21468.4060200@netfence.it>
	<20070227222316.R60173@fledge.watson.org>
In-Reply-To: <20070227222316.R60173@fledge.watson.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.61 on 212.31.247.179
Cc: freebsd-net@freebsd.org
Subject: Re: LOR with divert sockets
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: freebsd-net@freebsd.org
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2007 08:38:33 -0000

Robert Watson wrote:

> What versions of ip_fw2.c and ip_divert.c were in use?

 From i386/6.2-RELEASE-p1, i.e.:
src/sys/netinet/ip_fw2.c,v 1.106.2.21 2006/10/10 18:39:38 bz
src/sys/netinet/ip_divert.c,v 1.113.2.2 2006/05/16 07:27:48 ps



> Also, could you let me know if you use any 
> uid/gid rules in your IPFW rule set?

Yep.

04000 allow tcp from me to any uid squid out via xl0 setup keep-state

I use this to allow squid to retrieve everything according to its own 
security settings.



> Thanks,

Thanks to you.



  bye
	av.