From owner-freebsd-stable@FreeBSD.ORG  Wed Sep 17 18:07:32 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E3C9B16A4B3
	for <freebsd-stable@freebsd.org>;
	Wed, 17 Sep 2003 18:07:32 -0700 (PDT)
Received: from lakemtao01.cox.net (lakemtao01.cox.net [68.1.17.244])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C1F1B43F75
	for <freebsd-stable@freebsd.org>;
	Wed, 17 Sep 2003 18:07:31 -0700 (PDT)	(envelope-from rjhjr@cox.net)
Received: from kongemord.krig.net ([68.100.111.121]) by lakemtao01.cox.net
          (InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP
          id <20030918010730.GCKO29208.lakemtao01.cox.net@kongemord.krig.net>
          for <freebsd-stable@freebsd.org>; Wed, 17 Sep 2003 21:07:30 -0400
Received: by kongemord.krig.net (sSMTP sendmail emulation);
	Wed, 17 Sep 2003 21:07:29 -0400
From: "Bob Hall" <rjhjr@cox.net>
Date: Wed, 17 Sep 2003 21:07:29 -0400
To: freebsd-stable@freebsd.org
Message-ID: <20030918010728.GB14063@kongemord.krig.net>
Mail-Followup-To: freebsd-stable@freebsd.org
References: <3F669753.4040205@thepacific.net>
	<20030916064224.GA90448@e-Gitt.NET> <20030916065615.GB5711@kongemord.krig.net>
	<3F6775D0.1030501@thepacific.net> <20030916222806.GA8681@kongemord.krig.net>
	<20030917004141.GC8911@kongemord.krig.net> <3F68D526.8080909@thepacific.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F68D526.8080909@thepacific.net>
User-Agent: Mutt/1.4.1i
Subject: Re: ipfw + trasnparent proxy
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Sep 2003 01:07:33 -0000

On Thu, Sep 18, 2003 at 09:41:58AM +1200, Marcos Biscaysaqu wrote:
> Hi Bob.
>    I have the proxy working and setting to trasnparent proxy, and I 
> have got my IPFW working. the problem is
> I have my proxy on port 3218 and I want redirect all the traffic on port 
> 80 to my proxy so the client don't need setup the proxy in them browser.
> Do you know how can I make work it with IPFW.
> thanks

OK. To recapitulate, you need
	options         IPFIREWALL         #firewall
	options         IPFIREWALL_FORWARD #enable transparent proxy support
in the kernel config file, and then you need to recompile. If IPFW works, 
then you obviously have the first. Make sure you've recompiled with the 
second also.

You need the following line in rc.firewall:
	${fwcmd} add fwd 127.0.0.1,3128 tcp from any to any 80 in via ${iif}
where iif is the internal interface that your proxy box uses to communicate 
with your LAN. For example, my firewall file contains
	iif="fxp0"

Further questions should go to freebsd-questions, rather than 
freebsd-stable. 

Bob Hall