Date: Tue, 12 Feb 2002 14:31:01 +0200
From: Ruslan Ermilov
To: C J Michaels
Cc: Greg Prosser, stable@FreeBSD.ORG
Subject: Re: dropping 127.* on the floor
Message-ID: <20020212143101.B8237@sunbay.com>
References: <20020204100307.F12914-100000@voyager.straynet.com>

On Mon, Feb 04, 2002 at 06:10:36PM -0500, C J Michaels wrote:
> From: Greg Prosser
> Sent: Monday, February 04, 2002 10:07 AM
> Subject: Re: dropping 127.* on the floor
>
> >
> > <...snip...>
> > According to the squid FAQ[1], they recommend using ipfw fwd rules
> > diverting traffic to 127.0.0.1 to transparently insert the cache server.
> > This behaviour is now broken, as ipfw rewrites the packet before it hits
> > the network stack, as does ipf, and both end up dropped. I've tested and
> > confirmed this on 4.5-STABLE, the rules in the FAQ did not work for me.
>
> Does squid's transparent proxying depend upon the packet being forwarded
> to the loopback? Or can we just re-write the rule to push it down one of
> the other interfaces?
>
> >
> > -gnp
> >
> > [1] squid FAQ URL: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.8

I can't seem to reproduce the transparent proxying breakage you report
with IPFIREWALL_FORWARD.
A packet matching a "fwd 127.0.0.1,3128 tcp from any to any 80" rule
preserves its original source and destination IP addresses and ports:

    tcp4       0      0  1.2.3.4.80       192.168.4.65.4916      ESTABLISHED

While the machine in question has an IP address of 192.168.4.115.
In fact, 127.0.0.1 can be replaced by any local address of the system,
with the same effect.

Cheers,
-- 
Ruslan Ermilov      Sysadmin and DBA,
ru@sunbay.com       Sunbay Software AG,
ru@FreeBSD.org      FreeBSD committer,
+380.652.512.251    Simferopol, Ukraine

http://www.FreeBSD.org    The Power To Serve
http://www.oracle.com     Enabling The Information Age