From: Mahlon
To: Jeff Palmer
Cc: freebsd-questions@freebsd.org
Date: Fri, 1 Nov 2002 10:27:15 -0800
Subject: Re: IPFW fwd doesn't seem to work
Message-ID: <20021101182715.GA89840@martini.nu>
In-Reply-To: <5.1.1.6.0.20021027215426.00ba6ec8@mail.drkshdw.org>

On Sun, Oct 27, 2002, Jeff Palmer wrote:
>
> I run a small ISP in Florida, and have decided to implement a squid proxy.
>
> I've got everything configured except the ipfw forward rule on the
> bridge/firewall.
>
> The basic layout is router <---> bridge/firewall <--> switch to other
> servers
>
>
> I've added a rule to allow traffic from the proxy machine, out to the
> internet.
>
> ipfw add pass tcp from 123.123.123.123 to any 80
>
> I then have a rule that is supposed to forward the other port 80 requests
> to another ip/port.
>
> ipfw add fwd 123.123.123.124,3128 log tcp from 123.123.123.0/24 to any 80
>
> Now, /var/log/security shows the rule as matching but the proxy machine
> never sees the traffic.

< removed -isp from the cc list >

Are you using IPFW2, by chance?

I've been running a transparent proxy for about 3 years without issue.
As soon as I tried IPFW2, I see the same problem as you are describing.
fwd packet match, but never hit the proxy.

Switch back to IPFW1, using the exact same ruleset - and it works.
4_7_0_RELEASE.

Anyone else seeing this behavior?

Mahlon E. Smith
jabber id: mahlon@chat.martini.nu
http://www.martini.nu/
get pgp key: mahlon-pgp@martini.nu