From owner-freebsd-net@FreeBSD.ORG Thu Jun 23 02:57:26 2005
Return-Path:
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BB3716A41C for ; Thu, 23 Jun 2005 02:57:26 +0000 (GMT) (envelope-from fooler@skyinet.net)
Received: from smtp1.skyinet.net (smtp1.skyinet.net [202.78.97.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B1BD43D1F for ; Thu, 23 Jun 2005 02:57:25 +0000 (GMT) (envelope-from fooler@skyinet.net)
Received: from fooler (fooler.ilo.skyinet.net [202.78.118.66]) by smtp1.skyinet.net (Postfix) with SMTP id C568F58370; Thu, 23 Jun 2005 10:57:11 +0800 (PHT)
Message-ID: <0a3701c5779f$4b023b30$42764eca@ilo.skyinet.net>
From: "fooler"
To: , "Ryan Rathje "
References: <3933822510531721@webmail.iastate.edu>
Date: Thu, 23 Jun 2005 10:57:23 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Cc:
Subject: Re: Transparent Squid 2.5Stable10 + FreeBSD 5.4
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 23 Jun 2005 02:57:26 -0000

----- Original Message -----
From: "Ryan Rathje "
To:
Sent: Wednesday, June 22, 2005 9:33 PM
Subject: Transparent Squid 2.5Stable10 + FreeBSD 5.4

> Fooler,
> Thanks for the suggestion thus far; it did clear some things up. When I use your
> suggestion of:
>
> ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via em0
>
> 1 FreeBSD configured as a gateway with 2 NICs
> sis0 - outside world NIC
> em0 - internal network NIC
>
> it appears to have some communication, but not all. Here's what I mean: this
> is the output from ethereal when trying to visit the Google website:
>
> 192.168.1.5 -> 216.239.39.99 TCP 3694 > http [SYN] seq=0 ack=0 win=16384 Len=0 MSS=1460
> 216.239.39.99 -> 192.168.1.5 TCP http > 3694 [SYN, ACK] seq=0 ack=1 win=16384 Len=0 MSS=1460
> 192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=1 ack=1 win=17520 Len=0
> 192.168.1.5 -> 216.239.39.99 HTTP GET / HTTP/1.1
> 216.239.39.99 -> 192.168.1.5 TCP http > 3694 [FIN, ACK] seq=1 ack=300 win=65535 Len=0
> 192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=300 ack=2 win=17520 Len=0
> 192.168.1.5 -> 216.239.39.99 TCP 3694 > http [FIN, ACK] seq=300 ack=2 win=17520 Len=0
> 216.239.39.99 -> 192.168.1.5 TCP http > 3694 [ACK] seq=2 ack=301 win=65534 Len=0

First... no transparent proxy (or HTTP hijacking) took place, because your client (192.168.1.5) is the one that fetched the Google website instead of your proxy server...

Second... although the client successfully communicates with the Google web server, it is clearly a violation of RFC 1918, which says that private IP addresses are only routable within your controlled domain... once they get out of your controlled domain, they must be dropped... (disregard this statement if you do NAT, where ethereal interpreted the packets above after the network address translation)

Show me what "ipfw show" and "netstat -an|grep LISTEN" say...

fooler.
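As an added example (not code from this thread or from the Squid or FreeBSD projects), a small Python checker that applies fooler's two tests to an ethereal-style one-line-per-packet summary: which host actually sent the HTTP request (the client or the proxy), and whether RFC 1918 source addresses appear heading to public hosts. The sample trace is constructed after the one quoted above; the proxy address set and the assumption that the capture came from the outside NIC (sis0) are hypothetical.

```python
"""Check an ethereal-style packet summary for the two things fooler looks at:
who sent the HTTP request (client or proxy), and whether RFC 1918 sources are
seen heading to public hosts. Assumes the capture is from the outside NIC (sis0)."""
import ipaddress
import re

# Constructed sample modelled on the trace quoted in the thread (not a real capture).
TRACE = """\
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [SYN] seq=0 ack=0 win=16384 Len=0 MSS=1460
216.239.39.99 -> 192.168.1.5 TCP http > 3694 [SYN, ACK] seq=0 ack=1 win=16384 Len=0 MSS=1460
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=1 ack=1 win=17520 Len=0
192.168.1.5 -> 216.239.39.99 HTTP GET / HTTP/1.1
216.239.39.99 -> 192.168.1.5 TCP http > 3694 [FIN, ACK] seq=1 ack=300 win=65535 Len=0
"""
LINE_RE = re.compile(r"^(\S+) -> (\S+) (TCP|HTTP) (.*)$")

def parse(trace):
    """Return (src, dst, proto, rest) tuples; lines that do not match are skipped."""
    pkts = []
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkts.append(m.groups())
    return pkts

def http_requesters(pkts):
    """Source addresses that emitted an HTTP request line."""
    methods = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "CONNECT"}
    return sorted({src for src, _, proto, rest in pkts
                   if proto == "HTTP" and rest.split(" ", 1)[0] in methods})

def rfc1918_to_public(pkts):
    """(src, dst) pairs with a private source and a public destination: on the
    outside NIC these mean neither NAT nor the proxy rewrote the flow (RFC 1918)."""
    leaks = set()
    for src, dst, _, _ in pkts:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s.is_private and d.is_global:
            leaks.add((src, dst))
    return sorted(leaks)

def intercepted(pkts, proxy_addrs):
    """True only if every HTTP request came from a proxy address, i.e. the
    ipfw fwd rule actually diverted port-80 traffic to Squid."""
    reqs = http_requesters(pkts)
    return bool(reqs) and all(r in proxy_addrs for r in reqs)
```

With the constructed trace the requester is the client itself and the private-to-public flow is reported, which is the situation fooler describes; a working setup captured on the outside NIC would show the gateway's public address as the only requester.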