Date: Tue, 13 Jun 2000 14:23:20 -0400 (EDT)
From: Mikhail Teterin <mi@privatelabs.com>
To: questions@freebsd.org, stable@freebsd.org
Subject: diverted packets never leave the box
Message-ID: <200006131823.OAA61647@misha.privatelabs.com>

Hello!

I'm trying to force all of the requests to the web-server (www) to go to
the squid box first (squid is running on a separate machine -- squid).

I set up the ipfw rules on the web-server as follows:

	allow log tcp from squid to www http
	divert 8668 log tcp from not squid to www http in
	divert 8668 log tcp from squid to www
	allow ip from any to any

I start natd on www as:

	natd -proxy_only -proxy_rule \
		type encode_tcp_stream \
		port http \
		server squid:3128 \
		-a www -verbose -reverse

When I try to connect to www:80 from the third machine (named misha),
I see natd on www output the following (IP addresses changed to names):

	In  [TCP]  [TCP] misha:4393 -> www:80 aliased to
	           [TCP] www:4393 -> squid:3128

which is what I want (I think). However, according to tcpdumps running
on both squid and www, no packets actually arrive at the squid machine
and my connections (from misha) time out.

How do I make packets that are diverted (to natd) be resent to their
new destinations? I'd rather use the ipfw/natd combination than
transproxy. TIA,

	-mi