Date: Thu, 14 May 1998 21:39:51 +0200
From: Philippe Regnauld <regnauld@deepo.prosa.dk>
To: Ari Suutari <ari@suutari.iki.fi>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: IPFW + natd -redirect_port
Message-ID: <19980514213951.60414@deepo.prosa.dk>
In-Reply-To: <355B3384.55681C04@suutari.iki.fi>; from Ari Suutari on Thu, May 14, 1998 at 09:10:12PM +0300
References: <19980514143208.15101@deepo.prosa.dk> <355B3384.55681C04@suutari.iki.fi>

Ari Suutari writes:
> >
> > ipfw add 100 divert 6668 tcp from any to outside-A 80
>
> This rule handles only incoming packets, not outgoing ones.
> I have usually used
>
> ipfw add divert 6668 ip from any to any via ep0

In the meantime I figured this out and got it to work
with several different ports -- it works great!

> ipfw add pass tcp from any to any established
> ipfw add pass tcp from any to B 80 setup

Thanks for the tip -- I was testing with an open FW.

Now I'm hitting another interesting problem -- I'd like
to do "transparent" proxy redirection, i.e.:

I would like outgoing traffic to any 80 to be silently
redirected to the Squid (on the local net or on the
firewall). This should work, since modern WWW clients
include the full URL (for VHosts reasons) in the request.

I've first tried something simple like adding

    redirect_port tcp squid.addr:8080 0:80

but this didn't work...

I've then tried to add a special rule before the
general divert (divert all from any to any):

    divert 6789 tcp from any to any 80 [via ep1] (ep1 is inside)

And created a nice loop! :-)

I even tried hacks like

    10 skipto 30 tcp from any to any 80
    20 divert natd all from any to any via ep0
    30 divert 6789 tcp from any to any 80 out via [ep0|ep1]

To no avail. I'm obviously missing something, but I can't
grasp what.

I can include logs of natd -v if necessary.

--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
«Pluto placed his bad dog at the entrance of Hades to keep the dead
IN and the living OUT! The archetypical corporate firewall?»
- S. Kelly Bootle
