Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Nov 2002 10:27:15 -0800
From:      Mahlon <mahlon-dated-1037471235.ab57d0@martini.nu>
To:        Jeff Palmer <scorpio@drkshdw.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPFW fwd doesn't seem to work
Message-ID:  <20021101182715.GA89840@martini.nu>
In-Reply-To: <5.1.1.6.0.20021027215426.00ba6ec8@mail.drkshdw.org>
References:  <5.1.1.6.0.20021027215426.00ba6ec8@mail.drkshdw.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
On Sun, Oct 27, 2002, Jeff Palmer wrote:
> 
> I run a small ISP in florida,  and have decided to implement a squid proxy.
> 
> I've got everything configured except the ipfw forward rule on the 
> bridge/firewall.
> 
> The basic layout is    router <--->  bridge/firewall <--> switch to other 
> servers
> 
> 
> I've added a rule to allow traffic from the proxy machine, out to the 
> internet.
> 
> ipfw add pass tcp from 123.123.123.123 to any 80
> 
> I then have a rule that is supposed to forward the other port 80 requests 
> to another ip/port.
> 
> ipfw add fwd 123.123.123.124,3128 log tcp from 123.123.123.0/24 to any 80
> 
> Now,   /var/log/security shows the rule as matching but the proxy machine 
> never see's the traffic.


< removed -isp from the cc list >

Are you using IPFW2, by chance?

I've been running a transparent proxy for about 3 years without issue.  As
soon as I tried IPFW2, I see the same problem as you are describing.  fwd
packet match, but never hit the proxy.  Switch back to IPFW1, using the
exact same ruleset - and it works.  4_7_0_RELEASE.

Anyone else seeing this behavior?


Mahlon E. Smith                        jabber id: mahlon@chat.martini.nu
http://www.martini.nu/               get pgp key:  mahlon-pgp@martini.nu
........................................................................
 "she unwinds by picking roses, splitting eyebrows, breaking noses" --
                                  Pond

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----

iD8DBQE9wseCwL5r+zYGsmcRAsAvAJ9TUb4I/gR//O03guu7PA9TaxrsVACePn73
0v4/bERhPRsx7aCi58oJ1Vc=
=M/Iu
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021101182715.GA89840>