Date: Wed, 13 Feb 2002 23:22:07 +1100
From: "John Davies" <john@phreebsd.com>
To: <stable@freebsd.org>
Subject: Re: dropping 127.* on the floor
Message-ID: <006201c1b489$0ddad910$0a00a8c0@john>
References: <20020204100307.F12914-100000@voyager.straynet.com> <CDEJIONOMGKHCNHBALKPAEJICAAA.cjm2@earthling.net> <20020212143101.B8237@sunbay.com>

I've noticed since updating to 4.5-STABLE that my previously working rule in
/etc/ipnat.rules has seemed to stop working, with the redirect rule I was
using to use squid as a transparent proxy, the packet no longer makes it to
squid and I therefore can't browse unless I comment the redirect out and
restart ipnat.

Anyone that can offer any suggestions, would be greatly appreciated.

My /etc/ipnat.rules if it helps..

map fxp0 192.168.0.0/24 -> 0.0.0.0/32 proxy port 21 ftp/tcp
map fxp0 192.168.0.0/24 -> 0.0.0.0/32
rdr fxp1 0/0 port 80 -> 127.0.0.1 port 8080 tcp <- that rule

Regards,

| John Davies
| System Administrator
| ----
| john@phreebsd.com
| http://www.hostshell.com
| ----

----- Original Message -----
From: "Ruslan Ermilov" <ru@FreeBSD.ORG>
To: "C J Michaels" <cjm2@earthling.net>
Cc: "Greg Prosser" <greg@straynet.com>; <stable@FreeBSD.ORG>
Sent: Tuesday, February 12, 2002 11:31 PM
Subject: Re: dropping 127.* on the floor

> [Replying to the previous email]
>
> On Mon, Feb 04, 2002 at 06:10:36PM -0500, C J Michaels wrote:
> > From: Greg Prosser
> > Sent: Monday, February 04, 2002 10:07 AM
> > Subject: Re: dropping 127.* on the floor
> > >
> > >
> > > <...snip...>
> > > According to the squid FAQ[1], they recommend using ipfw fwd rules
> > > diverting traffic to 127.0.0.1 to transparently insert the cache server.
> > > This behaviour is now broken, as ipfw rewrites the packet before it hits
> > > the network stack, as does ipf, and both end up dropped. I've tested and
> > > confirmed this on 4.5-STABLE, the rules in the FAQ did not work for me.
> >
> > Does squid's transparent proxying depend upon the packet being forwarded
> > to the loopback? Or can we just re-write the rule to push it down one of
> > the other interfaces?
> >
> > >
> > > -gnp
> > >
> > > [1] squid FAQ URL: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.8
>
> I can't seem to reproduce the transparent proxying breakage you report
> with IPFIREWALL_FORWARD. A packet matching a "fwd 127.0.0.1,3128 tcp
> from any to any 80" rule preserves its original source and destination
> IP addresses and ports:
>
> tcp4 0 0 1.2.3.4.80 192.168.4.65.4916 ESTABLISHED
>
> While the machine in question has an IP address of 192.168.4.115.
> In fact, 127.0.0.1 can be replaced by any local address of the system,
> with the same effect.
>
>
> Cheers,
> --
> Ruslan Ermilov          Sysadmin and DBA,
> ru@sunbay.com           Sunbay Software AG,
> ru@FreeBSD.org          FreeBSD committer,
> +380.652.512.251        Simferopol, Ukraine
>
> http://www.FreeBSD.org  The Power To Serve
> http://www.oracle.com   Enabling The Information Age
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
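
Added example, not part of the original message and not IPFilter code: a Python check that scans ipnat.rules text for rdr rules whose redirect target lies in 127.0.0.0/8, the configuration this thread is about. The function name, the sample text (constructed from the rules quoted in the message) and the restriction to this one rdr form are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: the rules quoted in the message, one per line,
# with the "<- that rule" annotation dropped.
SAMPLE_RULES = """\
map fxp0 192.168.0.0/24 -> 0.0.0.0/32 proxy port 21 ftp/tcp
map fxp0 192.168.0.0/24 -> 0.0.0.0/32
rdr fxp1 0/0 port 80 -> 127.0.0.1 port 8080 tcp
"""

# Assumption: only the rdr form used in the message is recognised:
#   rdr <ifname> <match> port <n> -> <target-ip> port <n> [<proto>]
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<match>\S+)\s+port\s+(?P<dport>\d+)"
    r"\s+->\s+(?P<target>\S+)\s+port\s+(?P<tport>\d+)(?:\s+(?P<proto>\S+))?$"
)


def loopback_redirects(rules_text):
    """Return one dict per rdr rule whose target is a loopback address."""
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        match = RDR_RE.match(line)
        if not match:
            continue  # blank lines, map rules and other forms are skipped
        try:
            target = ipaddress.ip_address(match.group("target"))
        except ValueError:
            continue  # non-literal target: not evaluated by this check
        if target.is_loopback:
            findings.append({
                "line": lineno,
                "ifname": match.group("ifname"),
                "dport": int(match.group("dport")),
                "target": str(target),
                "tport": int(match.group("tport")),
                "proto": match.group("proto"),
            })
    return findings


if __name__ == "__main__":
    for f in loopback_redirects(SAMPLE_RULES):
        print("line %(line)d: rdr on %(ifname)s port %(dport)d -> "
              "%(target)s:%(tport)d (%(proto)s)" % f)
```

The check only reports where such rules are; it makes no statement about whether a given kernel accepts or drops the redirected packets.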