Date:      Thu, 12 Jun 2003 14:40:04 -0400
From:      Bill Moran <wmoran@potentialtech.com>
To:        Kliment Andreev <klimenta@futurebit.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw + squid
Message-ID:  <3EE8C904.9000504@potentialtech.com>
In-Reply-To: <000501c33111$4a89dd60$ca0110ac@vinyl.tkvbp.com>
References:  <000501c33111$4a89dd60$ca0110ac@vinyl.tkvbp.com>

Kliment Andreev wrote:
> I have ipfw + squid (ext NIC: fxp0, int NIC: dc0). Squid is listening on
> port 3128.
> 
> Using ipfilter I will do
> 
> rdr dc0 0/0 port 80 -> 127.0.0.1 port 3128 tcp
> 
> How can I do this in ipfw?
> 
> 00050 36764 12234591 divert 8668 ip from any to any via fxp0
> ---->>>>>>   00060     0        0 divert 80 tcp from any to any 3128
> 00100  4732 13839892 allow ip from any to any via lo0
> 00200     0        0 deny ip from any to 127.0.0.0/8
> 00300     0        0 deny ip from 127.0.0.0/8 to any
> 65000 53018 18345167 allow ip from any to any
> 65535     1      328 allow ip from any to any
> 
> 
> Line 60 doesn't seem to work for me.

Nope.

You don't do it with an IPFW rule; you need to pass instructions to
natd.

The canonical way to do this is in /etc/rc.conf.  Add a line like:
natd_flags="-redirect_port tcp 127.0.0.1:80 3128"

If you already have a natd_flags= line in rc.conf, just add that
to it.  Also read the man page on natd for more details.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
