Date: Mon, 4 Mar 2002 23:33:48 -0800
From: Jeff Koftinoff <jeffkoftinoff@mac.com>
To: cjclark@alum.mit.edu
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Transparent proxy for connections originating on localhost
Message-ID: <556A6480-300B-11D6-A2D9-003065709198@mac.com>
In-Reply-To: <20020304231157.T87533@blossom.cjclark.org>

On Monday, March 4, 2002, at 11:11 PM, Crist J. Clark wrote:

>>
>> When I originate the connection on an external computer, the fwd works.
>> When I originate the connection on the same computer that has the fwd
>> rule, the fwd rule causes the connect to hang.
>
> Hmmm... Wouldn't happen to have a,
>
>   pass ip from any to any via lo0
>
> At the top of your rules?
>

The only other rule I have is the default allow at the end.

sudo /sbin/ipfw show
65535 23381230 14310099719 allow ip from any to any

Do I have to make my fwd rule operate in reverse or something? Or should I explicitly specify the network interfaces?

Or could it be that the following is happening:

1) OS-X has the older ipfw code which requires the packets to be headed to an external interface
2) My initial request comes from an internal process and is going to an external IP
3) ipfw fwd redirects the first outgoing packet to 127.0.0.1:9999
4) the response packet is heading back to the internal address
5) because the response packet is internal, it is not properly munged by the ipfw fwd code.

Does that sound feasible?

So betcha what I am trying to do would work fine on a new FreeBSD system, right?

Jeff Koftinoff