From owner-freebsd-stable@FreeBSD.ORG Tue Sep 16 15:28:08 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C222116A4B3 for ; Tue, 16 Sep 2003 15:28:08 -0700 (PDT) Received: from lakemtao04.cox.net (lakemtao04.cox.net [68.1.17.241]) by mx1.FreeBSD.org (Postfix) with ESMTP id 98C0543FAF for ; Tue, 16 Sep 2003 15:28:07 -0700 (PDT) (envelope-from rjhjr@cox.net) Received: from kongemord.krig.net ([68.100.111.121]) by lakemtao04.cox.net (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP id <20030916222806.KDL29227.lakemtao04.cox.net@kongemord.krig.net> for ; Tue, 16 Sep 2003 18:28:06 -0400 Received: by kongemord.krig.net (sSMTP sendmail emulation); Tue, 16 Sep 2003 18:28:06 -0400 From: "Bob Hall" Date: Tue, 16 Sep 2003 18:28:06 -0400 To: freebsd-stable@freebsd.org Message-ID: <20030916222806.GA8681@kongemord.krig.net> Mail-Followup-To: freebsd-stable@freebsd.org References: <3F669753.4040205@thepacific.net> <20030916064224.GA90448@e-Gitt.NET> <20030916065615.GB5711@kongemord.krig.net> <3F6775D0.1030501@thepacific.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3F6775D0.1030501@thepacific.net> User-Agent: Mutt/1.4.1i X-IMAPbase: 1061250701 17 X-UID: 17 Subject: Re: ipfw + trasnparent proxy X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2003 22:28:08 -0000 I forgot that you also need options IPFIREWALL I've added a note in my config file so I won't forget in the future. I don't have your original post. If you have already recompiled your kernel with both IPFIREWALL options, then you need to supply more information. The output of "ipfw list", which ports you are redirecting from and to, the protocal involved (e.g. HTTP, POP3), and the specific app that will receive the forwarded packets (e.g. squid, a POP3 proxy, etc). Bob Hall On Wed, Sep 17, 2003 at 08:42:56AM +1200, Marcos Biscaysaqu wrote: > Hi . > I made all that stuff, but the redirection is not working fine, and > the proxy work only if I set the proxy on the clients. > I it work with IPFilter but Im using IPFW and I can't change. > > thanks > > Bob Hall wrote: > > >On Tue, Sep 16, 2003 at 08:42:24AM +0200, Oliver Brandmueller wrote: > > > > > >>Hi. > >> > >>On Tue, Sep 16, 2003 at 04:53:39PM +1200, Marcos Biscaysaqu wrote: > >> > >> > >>>Someone know if is possible make a transparent proxy and redirect by > >>>ipfw, ?? > >>> > >>> > > > >In addition to the previous poster's comments, you will also need to > >recompile the kernel with > >options IPFIREWALL_FORWARD #enable transparent proxy support I forgot that you also need options IPFIREWALL I've added a note in my config file so I won't forget in the future. Two comments: If you have already recompiled your kernel with both IPFIREWALL options, then you need to supply more information. Telling us that something doesn't work but giving us no clue as to how you've configured it makes it impossible for us to help you. At a minimum, we need to see your relevant kernal options and your IPFW ruleset. The standard way to reply is to bottom post. I prefer bottom posting, but I'll top post if I'm responding to a post where people have already started top posting. The important thing is to avoid confusion by being consistent, and the first response determines which to use. In this case, I was the first responder, and I bottom posted. By responded to a bottom post with a top post, you've created confusion.