From: Andre@HighCaliber.com (Andre Chang)
To: "Ruslan Ermilov"
Subject: Re: IPFW configuration as a transparent proxy
Date: Wed, 15 Sep 1999 13:31:22 -0400
Sender: owner-freebsd-ipfw@FreeBSD.ORG

-----Original Message-----
From: Ruslan Ermilov
To: Andre Chang
Cc: freebsd-ipfw@FreeBSD.ORG
Date: Wednesday, September 15, 1999 3:30 AM
Subject: Re: IPFW configuration as a transparent proxy

>On Tue, Sep 14, 1999 at 05:15:48PM -0400, Andre Chang wrote:
>> Thanks for the information,
>>
>> I however still haven't figured out my problem.. here it is:
>>
>> I'm using only one interface on the machine running IPFW
>> (fxp1 - the machine has 2 interfaces but I'm only using one)
>>
>> the client, IPFW and the proxy machine are on the same subnet
>> (win98, FreeBSD 3.2-RELEASE and NT4.0 proxy respectively)
>>
>> the client's gateway is the IPFW machine
>>
>> the rule on the IPFW machine:
>> ipfw add 500 fwd 10.0.0.1,80 log tcp from 10.0.0.100 to any 80 in recv fxp1
>>
>> For testing purposes I specified logging and the actual ip of the client.
>>
>> The logs show a matched rule when I attempt to open the browser:
>> ipfw: 500 Forward to 10.0.0.1:80 TCP 10.0.0.100:1158 204.141.86.3:80 in via fxp1
>>
>> This looks ok but then the browser returns an unable to connect message. I
>> can't seem to figure out what is wrong here. Any insight will be greatly
>> appreciated. Thanks for the existing comments.
>>
>Andre!
>
>As Julian pointed out, you need `fwd localport' rule on proxy machine
>as well.

Yes I see what you are saying, unfortunately the proxy machine is Microsoft
Proxy Server, I'll have to see if I can set packet filtering on that machine.

--
Andre Chang
Network Engineer.
High Caliber Systems, Inc.

>
>--
>Ruslan Ermilov		Sysadmin and DBA of the
>ru@ucb.crimea.ua	United Commercial Bank,
>ru@FreeBSD.org		FreeBSD committer,
>+380.652.247.647	Simferopol, Ukraine
>
>http://www.FreeBSD.org	The Power To Serve
>http://www.oracle.com	Enabling The Information Age
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-ipfw" in the body of the message