Date: Mon, 3 Jul 2000 03:31:41 +0000
From: Joel Eusebio <joel@tilapia.pang.pworld.net.ph>
To: Neill Robins <freebsd@nc.rr.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: transparent proxy
Message-ID: <Pine.LNX.3.95.1000703031221.11342A-100000@tilapia.pang.pworld.net.ph>
In-Reply-To: <671657707.20000702215101@nc.rr.com>

Hi,

I have compiled a new kernel with all the instructions that you told me and I have read the man pages and the READMEs of transproxy. I am doing a test on 1 workstation. I configured it so that its gateway is the FreeBSD box running transparent proxy. I configured my Netscape Navigator to go direct, so theoretically the FreeBSD box will intercept all HTTP requests and pipe them to my proxy server, which is the same box also. My squid is configured to accommodate this setup with all the httpd_accel turned on.

My workstations can't connect to the internet....HTTP, IRC. What other things do I have to check for this to work? The transproxy README says that I have to add certain ipfw rules??? Where do I put them??? /etc/rc.firewall???

Thanks a lot for your support.

---------------------->jOEl

On Sun, 2 Jul 2000, Neill Robins wrote:

> Sunday, July 02, 2000, 9:32:39 PM, you wrote:
>
> JE> Hi,
> JE> I followed your instructions and I was successful in compiling a new
> JE> kernel with IP_FIREWALL, IPFIREWALL_VERBOSE, IP_DIVERT and IP_FORWARD
> JE> activated but when rebooted and tried to ping one of my servers it says
> JE> "permission denied" what did I do wrong??? Another is if I compiled a new
> JE> kernel from my understanding the previous kernel will be named kernel.old
> JE> how would I use this kernel.old in case my new kernel does not work.
> JE> Thanks a lot.
>
> JE> ------------------------>jOEl
>
>
> JE> On Sun, 2 Jul 2000, Crist J. Clark wrote:
>
> >> On Sun, Jul 02, 2000 at 01:34:32PM +0000, Joel Eusebio wrote:
> >> > Hi All,
> >> > Do I have to tweak the GENERIC kernel on /usr/src/sys to activate ipfw
> >>
> >> No, you can just load the KLD.
> >>
> >> > and
> >> > what does LINT do???
> >>
> >> It is not a working kernel. It just lists all (pretty close to all
> >> anyway) of the things you could put into a kernel config file and has
> >> some useful comments.
> >>
> >> > If so what are the values that I have to add in the
> >> > GENERIC kernel or in the LINT in order for ipfw or natd to work???
> >>
> >> Go to the LINT kernel and search for IPFIREWALL. Also, see ipfw(8),
> >> natd(8), and divert(4).
> >>
> >> > BTW I'm
> >> > setting up a transparent proxy on my 4.0-stable and I've posted this
> >> > before and tried the suggestions that were given to me by some helpful
> >> > people but still I can't make transparent proxy to run. Thanks again
> >>
> >> Well, transparent proxies need more options to run, namely,
> >> IPFIREWALL_FORWARD.
> >>
> >> Copy GENERIC to some new file, the machine name is a popular choice,
> >> add the lines you figure out you need, delete things that came from
> >> GENERIC that you don't need, and build a new kernel.
> >> --
> >> Crist J. Clark cjclark@alum.mit.edu
> >>
>
> Hello Joel,
>
> 1- To boot an old kernel, just type boot kernel.old at the boot prompt
> (I believe you have to hit a key first...I am not currently at my
> machine to make sure)
> 2- To ping, you need to enable ICMP which looks like this as one of my
> IPFW rules in /etc/rc.firewall
>
> # ICMP - for ping, etc
> ${fwcmd} add pass icmp from any to any
>
> See www.freebsddiary.org and www.mostgraveconcern/freebsd/ along with
> the handbook and manpages for more info.
>
> This works for me.
>
> Good luck,
> Neill
> freebsd@nc.rr.com