From: Tony
To: Julian Elischer
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 8 Sep 2010 19:35:18 -0400
Subject: Re: All in one machine running w/ Dansguardian+Squid+IPFW
In-Reply-To: <4C88188A.8010903@elischer.org>
List-Id: IPFW Technical Discussions

I only use one ruleset at a time .. just trying different ones to see if one
or the other works. en1 is my private LAN .. (wireless interface)
either case, it doesn't work .. btw, I'm using Snow Leopard ..
anyone here try using natd for redirection .. that may work I guess

On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer wrote:

> On 9/8/10 2:46 PM, Tony wrote:
>
>> I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
>> (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
>> redirect port 80 to Dansguardian's port 8888 using the rulesets below.
>> Is this possible? I read that ipfw does not allow forwarding from the same
>> machine. Is this true? I have tried both these rulesets separately and
>> am not getting any hits when I do ipfw show. Something wrong with my rules?
>
> there was a small window around 6.x (I think) where you needed a
> special option to fwd to oneself in ipfw. It was removed quickly as it made
> forwarding useless in general.
>
>> Ruleset #1
>>
>> ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1
>
> looks vaguely right but I haven't done it in a while.
>
>> ipfw add allow tcp from me to any 80 out xmit en1
>> ipfw add allow tcp from any 80 to me in recv en1
>>
>> Ruleset #2
>>
>> ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1
>
> make up your mind.. is that machine out via en1 or somewhere else?
>
>> ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
>> ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established
>
> can you draw a diagram?
>
> are these two rulesets supposed to coexist on the same
> machine?