From: "John Davies"
Delivered-To: freebsd-stable@freebsd.org
Subject: Re: dropping 127.* on the floor
Date: Wed, 13 Feb 2002 23:22:07 +1100

I've noticed since updating to 4.5-STABLE that my previously working rule in /etc/ipnat.rules seems to have stopped working. With the redirect rule I was using to use squid as a transparent proxy, the packet no longer makes it to squid, and I therefore can't browse unless I comment the redirect out and restart ipnat.

If anyone can offer any suggestions, it would be greatly appreciated.

My /etc/ipnat.rules, if it helps:

    map fxp0 192.168.0.0/24 -> 0.0.0.0/32 proxy port 21 ftp/tcp
    map fxp0 192.168.0.0/24 -> 0.0.0.0/32
    rdr fxp1 0/0 port 80 -> 127.0.0.1 port 8080 tcp    <- that rule

Regards,

| John Davies
| System Administrator
| ----
| john@phreebsd.com
| http://www.hostshell.com
| ----

----- Original Message -----
From: "Ruslan Ermilov"
To: "C J Michaels"
Cc: "Greg Prosser"
Sent: Tuesday, February 12, 2002 11:31 PM
Subject: Re: dropping 127.* on the floor

> [Replying to the previous email]
>
> On Mon, Feb 04, 2002 at 06:10:36PM -0500, C J Michaels wrote:
> > From: Greg Prosser
> > Sent: Monday, February 04, 2002 10:07 AM
> > Subject: Re: dropping 127.* on the floor
> >
> > >
> > > <...snip...>
> > > According to the squid FAQ[1], they recommend using ipfw fwd rules
> > > diverting traffic to 127.0.0.1 to transparently insert the cache server.
> > > This behaviour is now broken, as ipfw rewrites the packet before it hits
> > > the network stack, as does ipf, and both end up dropped. I've tested and
> > > confirmed this on 4.5-STABLE, the rules in the FAQ did not work for me.
> >
> > Does squid's transparent proxying depend upon the packet being forwarded
> > to the loopback? Or can we just re-write the rule to push it down one of
> > the other interfaces?
> >
> > >
> > > -gnp
> > >
> > > [1] squid FAQ URL: http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.8
>
> I can't seem to reproduce the transparent proxying breakage you report
> with IPFIREWALL_FORWARD. A packet matching a "fwd 127.0.0.1,3128 tcp
> from any to any 80" rule preserves its original source and destination
> IP addresses and ports:
>
> tcp4       0      0  1.2.3.4.80         192.168.4.65.4916      ESTABLISHED
>
> While the machine in question has an IP address of 192.168.4.115.
> In fact, 127.0.0.1 can be replaced by any local address of the system,
> with the same effect.
>
>
> Cheers,
> --
> Ruslan Ermilov        Sysadmin and DBA,
> ru@sunbay.com         Sunbay Software AG,
> ru@FreeBSD.org        FreeBSD committer,
> +380.652.512.251      Simferopol, Ukraine
>
> http://www.FreeBSD.org    The Power To Serve
> http://www.oracle.com     Enabling The Information Age
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
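
An added example, not part of the original message or of IPFilter: a small check that scans ipnat rules text for `rdr` rules whose target lies in 127.0.0.0/8, i.e. rules that rely on delivery to a 127.* address, which this thread reports as changed on 4.5-STABLE. The function name is hypothetical, the sample input is constructed from the three rules quoted in the message, and it assumes one rule per line with `#` comments.

```python
import ipaddress

# Constructed sample input: the three rules quoted in the message above.
SAMPLE_RULES = """\
map fxp0 192.168.0.0/24 -> 0.0.0.0/32 proxy port 21 ftp/tcp
map fxp0 192.168.0.0/24 -> 0.0.0.0/32
rdr fxp1 0/0 port 80 -> 127.0.0.1 port 8080 tcp
"""

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def loopback_redirects(rules_text):
    """Return (line_no, interface, target) for every rdr rule aimed at 127.0.0.0/8.

    Hypothetical helper written for this example; it is not part of IPFilter.
    """
    findings = []
    for line_no, raw in enumerate(rules_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(tokens) < 2 or tokens[0] != "rdr" or "->" not in tokens:
            continue                             # only redirect rules matter here
        arrow = tokens.index("->")
        if arrow + 1 >= len(tokens):
            continue                             # truncated rule, nothing to inspect
        # The redirect target may be a comma-separated list of addresses.
        for target in tokens[arrow + 1].split(","):
            try:
                addr = ipaddress.ip_address(target.split("/", 1)[0])
            except ValueError:
                continue                         # hostname or malformed entry
            if addr in LOOPBACK_NET:
                findings.append((line_no, tokens[1], target))
    return findings


if __name__ == "__main__":
    for line_no, ifname, target in loopback_redirects(SAMPLE_RULES):
        print(f"line {line_no}: rdr on {ifname} targets loopback address {target}")
```

Run against the sample, it reports only the `rdr fxp1` rule on line 3; the two `map` rules are ignored.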