From owner-freebsd-questions Sun Mar 19 15:22:23 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
	by hub.freebsd.org (Postfix) with ESMTP id 9BC3137B7F9
	for ; Sun, 19 Mar 2000 15:22:17 -0800 (PST)
	(envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
	by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id SAA78371;
	Sun, 19 Mar 2000 18:22:03 -0500 (EST)
	(envelope-from cjc)
Date: Sun, 19 Mar 2000 18:22:03 -0500
From: "Crist J. Clark"
To: Gavin Cameron
Cc: questions@FreeBSD.ORG
Subject: Re: IPFW question
Message-ID: <20000319182203.D78153@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from gavin@itworks.com.au on Sun, Mar 19, 2000 at 09:03:40PM +1100
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Mar 19, 2000 at 09:03:40PM +1100, Gavin Cameron wrote:
> Hi all,
>
> I have the following turned on in my kernel under 4.0-RELEASE
>
> options IPFIREWALL                    #firewall
> options IPFIREWALL_VERBOSE            #print information about
>                                       # dropped packets
> options IPFIREWALL_FORWARD            #enable transparent proxy support
> options IPFIREWALL_VERBOSE_LIMIT=100  #limit verbosity
> options IPFIREWALL_DEFAULT_TO_ACCEPT  #allow everything by default
> options IPDIVERT                      #divert sockets
> options IPSTEALTH                     #support for stealth forwarding
>
> And if I do the following
>
> ipfw add 100 divert 23 log tcp from mach1 to mach2 80
>
> Then I think that if I telnet from mach1 to mach2 on port 80 then I expect
> to see a telnet session start up.
>
> Am I right in the way that I read the divert line?

No.

  man 4 divert

You would not use ipfw(8) to redirect network traffic in this
manner. You would use something like natd(8).

> I get lines like
>
> Mar 19 20:57:50 gavin1 /kernel: ipfw: 100 Divert 23 TCP mach1:1625 mach2:80 in via ed0
>
> in my IPFW logfiles but I don't see a telnet session.
>
> The test is a precursor to getting FreeBSD 4.0 working with squid 2.3 to
> act as a transparent proxy for packets directed to it by an Alteon
> CacheDirector. If someone already has a working config (both IPFW and
> squid) for this scenario and wouldn't mind parting with it I'd be very
> appreciative.

For this, you would not want divert(4) or natd(8). You want to use the
fwd action in ipfw(8).

  man 8 ipfw

-- 
Crist J. Clark                           cjclark@home.com