From owner-freebsd-questions@FreeBSD.ORG Sun Aug 8 20:38:45 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4DE6716A4CE for ; Sun, 8 Aug 2004 20:38:45 +0000 (GMT) Received: from mta13.adelphia.net (mta13.adelphia.net [68.168.78.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id BFDFC43D2D for ; Sun, 8 Aug 2004 20:38:44 +0000 (GMT) (envelope-from Barbish3@adelphia.net) Received: from barbish ([67.20.101.71]) by mta13.adelphia.net (InterMail vM.6.01.03.02 201-2131-111-104-20040324) with SMTP id <20040808203844.PCVY28609.mta13.adelphia.net@barbish>; Sun, 8 Aug 2004 16:38:44 -0400 From: "JJB" To: , Date: Sun, 8 Aug 2004 16:38:43 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <200408081410.44127.mailist@whoweb.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Importance: Normal Subject: RE: IPFW/NATD Transparent Proxy X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Barbish3@adelphia.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Aug 2004 20:38:45 -0000 A new rewrite of the FreeBSD handbook firewall section is currently being made ready for update to the handbook. You can get an in-process copy from www.a1poweruser.com/FBSD_firewall/ >From what you posted looks like you want public internet users to access web server on one of your LAN machines. Both ipfw and ipfilter does this normally with port redirect. You need to post more info about your system config. Post the full contents of your rc.conf and firewall rules files. The limit you write about ipfilter is not true. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of mailist@whoweb.com Sent: Sunday, August 08, 2004 2:11 PM To: freebsd-questions@freebsd.org Subject: IPFW/NATD Transparent Proxy Anyone up for a challenge? I've come to the conclusion that IPFW/NATD cannot support transparent proxying with ONLY stateful rules. I'd like to hear from anyone who has been successful doing so in case I'm missing something. Configuration is: FreeBSD 5.2.1 3 - NICS (de0, de1, de2) de1 = Public IP = 1.2.3.4 de2 = LAN1 = 192.168.1.0 de3 = LAN2 = 192.168.2.0 The challenge: 1) TCP request from 192.168.1.247 to 1.2.3.4:80 2) Redirect 1.2.3.4:80 to 192.168.2.250:80 3) Use stateful rules On another note, I read somewhere on the Internet that IPFILTER has a limitation in that it cannot redirect a public destination to a private destination if the source machine is on the same subnet as the redirected destination. In other words, the following supposedly will not work: 1) A tcp request from 192.168.1.247 to 1.2.3.4:80 2) Redirect 1.2.3.4:80 to 192.168.1.100:80 Is this an accurate limitation of IPFILTER? J _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"