From owner-freebsd-ipfw Mon Mar 4 23:33:53 2002
Date: Mon, 4 Mar 2002 23:33:48 -0800
Subject: Re: Transparent proxy for connections originating on localhost
From: Jeff Koftinoff
To: cjclark@alum.mit.edu
Cc: freebsd-ipfw@FreeBSD.ORG
In-Reply-To: <20020304231157.T87533@blossom.cjclark.org>
Message-Id: <556A6480-300B-11D6-A2D9-003065709198@mac.com>

On Monday, March 4, 2002, at 11:11 PM, Crist J. Clark wrote:

>> When I originate the connection on an external computer, the fwd works.
>> When I originate the connection on the same computer that has the fwd
>> rule, the fwd rule causes the connect to hang.
>
> Hmmm... Wouldn't happen to have a,
>
>     pass ip from any to any via lo0
>
> At the top of your rules?

The only other rule I have is the default allow at the end.

    sudo /sbin/ipfw show
    65535 23381230 14310099719 allow ip from any to any

Do I have to make my fwd rule operate in reverse or something? Or should I
explicitly specify the network interfaces?

Or could it be that the following is happening:

1) OS X has the older ipfw code which requires the packets to be headed to
   an external interface
2) My initial request comes from an internal process and is going to an
   external IP
3) ipfw fwd redirects the first outgoing packet to 127.0.0.1:9999
4) the response packet is heading back to the internal address
5) because the response packet is internal, it is not properly munged by
   the ipfw fwd code.

Does that sound feasible? So betcha what I am trying to do would work fine
on a new FreeBSD system, right?

Jeff Koftinoff
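As an added example (not code from this thread, from FreeBSD or from OS X), here is the ruleset pattern that Crist's "via lo0" question and Jeff's five-step list are circling around: the loopback allow placed before any fwd rule, the proxy's own outbound connections exempted so they are not redirected back into the proxy, and the fwd rule limited to packets leaving on the external interface so reply packets coming back in never match it. The external interface name en0, the proxy uid "proxy", the rule numbers and the availability of the ipfw "uid" match on this ipfw version are assumptions; the proxy port 9999 comes from the mail. Whether the older ipfw in OS X will deliver a locally originated packet to a local socket via fwd at all is not settled by the thread; this is the ordering to try before concluding that it cannot.

```shell
#!/bin/sh
# Added example, not from the original mail: an ipfw ruleset for forwarding
# locally originated HTTP connections to a transparent proxy on 127.0.0.1:9999.
# Assumptions (not in the original mail): external interface "en0", proxy
# running as uid "proxy", rule numbers, and an ipfw that supports "uid".

EXT_IF=${EXT_IF:-en0}
PROXY_PORT=${PROXY_PORT:-9999}
PROXY_UID=${PROXY_UID:-proxy}

# The ruleset as described in the mail: only the default allow plus one
# fwd rule that matches every packet to port 80, in either direction.
broken_rules() {
    cat <<EOF
add 1000 fwd 127.0.0.1,$PROXY_PORT tcp from any to any 80
add 65535 allow ip from any to any
EOF
}

# Ordering that keeps traffic from looping through the fwd rule:
#  1. loopback traffic is accepted before any fwd rule sees it (the rule
#     Crist asked about), so packets on lo0 are never redirected;
#  2. connections opened by the proxy itself are exempted by uid, so the
#     proxy's own fetch of the real server is not sent back to the proxy;
#  3. only outgoing packets from this host on the external interface are
#     forwarded, so replies arriving on that interface do not match.
fixed_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 allow tcp from any to any 80 uid $PROXY_UID
add 300 fwd 127.0.0.1,$PROXY_PORT tcp from me to any 80 out xmit $EXT_IF
add 65535 allow ip from any to any
EOF
}

# Sanity check on a ruleset read from stdin: a "via lo0" allow must precede
# the first fwd rule, and the fwd rule must be restricted to outbound
# packets. Returns 0 when both hold, 1 otherwise.
check_rules() {
    rules=$(cat)
    lo0_line=$(printf '%s\n' "$rules" | grep -n 'via lo0' | head -n1 | cut -d: -f1)
    fwd_line=$(printf '%s\n' "$rules" | grep -n ' fwd ' | head -n1 | cut -d: -f1)
    [ -n "$lo0_line" ] || return 1
    [ -n "$fwd_line" ] || return 1
    [ "$lo0_line" -lt "$fwd_line" ] || return 1
    printf '%s\n' "$rules" | grep ' fwd ' | grep -q ' out ' || return 1
    return 0
}

# Load the corrected ruleset, one ipfw invocation per rule, when run as:
#   sh proxy-fwd.sh apply
if [ "$1" = "apply" ]; then
    fixed_rules | while read -r line; do ipfw -q $line; done
fi
```

Run it without arguments to do nothing but define the functions (useful for sourcing and inspecting `fixed_rules` first); run it with `apply` as root to load the rules. The check function is deliberately textual so the ordering can be verified on a machine that has no ipfw at all.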