Date: Fri, 1 Nov 2002 10:27:15 -0800
From: Mahlon <mahlon-dated-1037471235.ab57d0@martini.nu>
To: Jeff Palmer <scorpio@drkshdw.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW fwd doesn't seem to work
Message-ID: <20021101182715.GA89840@martini.nu>
In-Reply-To: <5.1.1.6.0.20021027215426.00ba6ec8@mail.drkshdw.org>
References: <5.1.1.6.0.20021027215426.00ba6ec8@mail.drkshdw.org>

On Sun, Oct 27, 2002, Jeff Palmer wrote:
>
> I run a small ISP in Florida, and have decided to implement a squid proxy.
>
> I've got everything configured except the ipfw forward rule on the
> bridge/firewall.
>
> The basic layout is   router <---> bridge/firewall <--> switch to other
> servers
>
>
> I've added a rule to allow traffic from the proxy machine, out to the
> internet.
>
> ipfw add pass tcp from 123.123.123.123 to any 80
>
> I then have a rule that is supposed to forward the other port 80 requests
> to another ip/port.
>
> ipfw add fwd 123.123.123.124,3128 log tcp from 123.123.123.0/24 to any 80
>
> Now, /var/log/security shows the rule as matching but the proxy machine
> never sees the traffic.

< removed -isp from the cc list >

Are you using IPFW2, by chance?

I've been running a transparent proxy for about 3 years without issue.
As soon as I tried IPFW2, I see the same problem as you are describing.
fwd packet match, but never hit the proxy.

Switch back to IPFW1, using the exact same ruleset - and it works.
4_7_0_RELEASE.

Anyone else seeing this behavior?

Mahlon E. Smith
jabber id: mahlon@chat.martini.nu
http://www.martini.nu/
get pgp key: mahlon-pgp@martini.nu

"she unwinds by picking roses, splitting eyebrows, breaking noses" -- Pond