Date: Wed, 15 Sep 1999 13:31:22 -0400 From: Andre@HighCaliber.com (Andre Chang) To: "Ruslan Ermilov" <ru@ucb.crimea.ua> Cc: <freebsd-ipfw@FreeBSD.ORG> Subject: Re: IPFW configuration as a transparent proxy Message-ID: <002d01beffa0$210134d0$1ad2d9ce@work.highcaliber.com>
next in thread | raw e-mail | index | archive | help
-----Original Message----- From: Ruslan Ermilov <ru@ucb.crimea.ua> To: Andre Chang <Andre@HighCaliber.com> Cc: freebsd-ipfw@FreeBSD.ORG <freebsd-ipfw@FreeBSD.ORG> Date: Wednesday, September 15, 1999 3:30 AM Subject: Re: IPFW configuration as a transparent proxy >On Tue, Sep 14, 1999 at 05:15:48PM -0400, Andre Chang wrote: >> Thanks for the information, >> >> I however still havent figured out my problem.. here it is: >> >> I'm using only one interface on the machine running IPFW >> (fxp1 - the machine has 2 interfaces but I'm only using one) >> >> the client, IPFW and the proxy machine are on the same subnet >> (win98, FreeBSD 3.2-RELEASE and NT4.0 proxy respectively) >> >> the client's gateway is the IPFW machine >> >> the rule on the IPFW machine: >> ipfw add 500 fwd 10.0.0.1,80 log tcp from 10.0.0.100 to any 80 in recv fxp1 >> >> For testing purposes I specified logging and the actual ip of the client. >> >> The logs show a matched rule when I attempt to open the browser: >> ipfw: 500 Forward to 10.0.0.1:80 TCP 10.0.0.100:1158 204.141.86.3:80 in via >> fxp1 >> >> This looks ok but then the browser returns an unable to connect message. I >> cant seem to figure out what is wrong here. Any insight will be greatly >> appreciated. Thanks for the existing comments. >> >Andre! > >As Julian pointed out, you need `fwd localport' rule on proxy machine >as well. Yes I see what you are saying, unfortunatley the proxy machine is Microsoft Proxy Server, I'll have to see if I can set packet filtering on that machine. -- Andre Chang Network Engineer. High Caliber Systems, Inc. > >-- >Ruslan Ermilov Sysadmin and DBA of the >ru@ucb.crimea.ua United Commercial Bank, >ru@FreeBSD.org FreeBSD committer, >+380.652.247.647 Simferopol, Ukraine > >http://www.FreeBSD.org The Power To Serve >http://www.oracle.com Enabling The Information Age > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002d01beffa0$210134d0$1ad2d9ce>