From owner-freebsd-net Fri Feb 2 13: 1:25 2001
Delivered-To: freebsd-net@freebsd.org
Received: from rapidnet.com (rapidnet.com [205.164.216.1])
    by hub.freebsd.org (Postfix) with ESMTP
    id 6BBF237B401; Fri, 2 Feb 2001 13:01:04 -0800 (PST)
Received: from localhost (nick@localhost)
    by rapidnet.com (8.9.3/8.9.3) with ESMTP id NAA73783;
    Fri, 2 Feb 2001 13:59:50 -0700 (MST)
Date: Fri, 2 Feb 2001 13:59:50 -0700 (MST)
From: Nick Rogness
To: Julian Elischer
Cc: Joao Carlos Mendes Luis, mi@aldan.algebra.com, questions@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: transparent proxying through a separate machine
In-Reply-To: <3A7ACA03.BA4D3F31@elischer.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 2 Feb 2001, Julian Elischer wrote:

> Joao Carlos Mendes Luis wrote:
> >
> > ipfw add allow ip from any to any out
>
> the problem is the line above.
> >
> > ipfw add fwd localhost,3128 log tcp from any to any 3128 in
>
> the above should be 'out'.. FWD is not symmetrical..
> you can only fwd locally on 'in' and fwd remotely on 'out'. It says this in the
> man page but it's a bit hard to read. I should fix it..

After playing with fwd for a while, I re-read the ipfw man page and picked up that it only applies to packets leaving the system. However, when I was testing this I had fwd set up on incoming packets and added the 'log' keyword so I could see what was going on. It did report via syslog that packets were being forwarded to the address even though they weren't. That was the confusing part.

A little rewording on the man page would help. Thanks for the clarification.

Nick Rogness
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve"
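
An added example (not part of either message and not FreeBSD project code): a small Python lint for the rule of thumb in Julian's quoted reply, that fwd to a local address acts on 'in' and fwd to a remote address acts on 'out', together with the ordering problem of an earlier allow-all rule. The address 10.0.0.2, the LOCAL set, the third sample rule and the function names are assumptions made for illustration.

```python
# Constructed sample: the two rules quoted in the thread plus a remote-target
# variant. 10.0.0.2 is a hypothetical proxy on a separate machine.
RULES = [
    "ipfw add allow ip from any to any out",
    "ipfw add fwd localhost,3128 log tcp from any to any 3128 in",
    "ipfw add fwd 10.0.0.2,3128 log tcp from any to any 80 in",
]
LOCAL = {"localhost", "127.0.0.1"}  # assumption: addresses owned by this host
ALLOW = ("allow", "accept", "pass", "permit")  # ipfw synonyms for allow


def parse(rule):
    """Return (action, fwd_target, direction) for one 'ipfw add' line."""
    words = rule.split()
    words = words[words.index("add") + 1:]
    if words and words[0].isdigit():  # optional explicit rule number
        words = words[1:]
    action = words[0]
    is_fwd = action == "fwd" and len(words) > 1
    target = words[1].split(",")[0] if is_fwd else None
    direction = next((w for w in words if w in ("in", "out")), None)
    return action, target, direction


def lint(rules, local=LOCAL):
    """Flag fwd rules with the wrong direction keyword for their target,
    and fwd rules that sit behind an earlier catch-all allow."""
    findings, allowed = [], set()
    for n, rule in enumerate(rules, 1):
        action, target, direction = parse(rule)
        if action in ALLOW and "ip from any to any" in rule:
            # Packets accepted here never reach later rules.
            allowed |= {direction} if direction else {"in", "out"}
        if action != "fwd":
            continue
        want = "in" if target in local else "out"
        if direction not in (None, want):
            findings.append((n, f"fwd to {target} acts on '{want}', "
                                f"but the rule says '{direction}'"))
        if want in allowed:
            findings.append((n, f"an earlier allow-all already accepts "
                                f"'{want}' packets, so fwd is never reached"))
    return findings


if __name__ == "__main__":
    for n, msg in lint(RULES):
        print(f"rule {n}: {msg}")
```

A finding on direction also covers the case Nick describes, where 'log' still reports a forward that never takes place.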