From owner-freebsd-net@FreeBSD.ORG Wed Feb 28 08:38:33 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 15C2D16A400 for ; Wed, 28 Feb 2007 08:38:33 +0000 (UTC) (envelope-from ml.diespammer@netfence.it) Received: from parrot.aev.net (parrot.aev.net [212.31.247.179]) by mx1.freebsd.org (Postfix) with ESMTP id 9473013C4B4 for ; Wed, 28 Feb 2007 08:38:32 +0000 (UTC) (envelope-from ml.diespammer@netfence.it) Received: from soth.ventu (adsl-ull-42-242.51-151.net24.it [151.51.242.42]) (authenticated bits=128) by parrot.aev.net (8.14.0/8.13.8) with ESMTP id l1S8jrxQ024495 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 28 Feb 2007 09:46:00 +0100 (CET) (envelope-from ml.diespammer@netfence.it) Received: from [10.1.2.18] (alamar.ventu [10.1.2.18]) by soth.ventu (8.14.0/8.13.8) with ESMTP id l1S8cmgE021824; Wed, 28 Feb 2007 09:38:48 +0100 (CET) (envelope-from ml.diespammer@netfence.it) Message-ID: <45E53F7D.4030703@netfence.it> Date: Wed, 28 Feb 2007 09:38:21 +0100 From: Andrea Venturoli User-Agent: Thunderbird 1.5.0.9 (X11/20070119) MIME-Version: 1.0 To: Robert Watson References: <45E21468.4060200@netfence.it> <20070227222316.R60173@fledge.watson.org> In-Reply-To: <20070227222316.R60173@fledge.watson.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.61 on 212.31.247.179 Cc: freebsd-net@freebsd.org Subject: Re: LOR with divert sockets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-net@freebsd.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Feb 2007 08:38:33 -0000 Robert Watson wrote: > What versions of ip_fw2.c and ip_divert.c were in use? From i386/6.2-RELEASE-p1, i.e.: src/sys/netinet/ip_fw2.c,v 1.106.2.21 2006/10/10 18:39:38 bz src/sys/netinet/ip_divert.c,v 1.113.2.2 2006/05/16 07:27:48 ps > Also, could you let me know if you use any > uid/gid rules in your IPFW rule set? Yep. 04000 allow tcp from me to any uid squid out via xl0 setup keep-state I use this to allow squid to retrieve everything according to its own security settings. > Thanks, Thanks to you. bye av.