From: "Ivailo Tanusheff"
Delivered-To: freebsd-ipfw@freebsd.org
Subject: IPFW and SQUID
Date: Thu, 13 Jun 2002 10:31:34 +0300
Message-ID: <012901c212ac$58442110$cbf810ac@sof.procreditbank.bg>

Dear Sirs,

I have the following configuration:

    {Internet} <-> {SQUID1 + Net1} <-64K line-> [SQUID2] <-> {Net2}

I have the following problem: in Net1 I have an important server to which some clients from Net2 connect through HTTP and the squid server. These clients have to be able to use most of the 64K line between the two networks. In Net2 there are many clients using the squid server as a proxy, and they are making "bad" traffic.

My question is: how may I configure ipfw to shape the traffic for the other users?

I tried some ways of accomplishing that task, but it seems to me that, when using a proxy server, the destination IP address is not in the IP header, or I'm wrong. Can you help me?

I tried:

    su-2.05a# ipfw -a show
    00500      0        0 pipe 1 ip from any to not out
    00600      0        0 pipe 2 ip from any to not in
    65535 397320 84804286 allow ip from any to any

As you see, there is no hit for traffic going out of Net1.

Thank you in advance,

Ivailo Tanusheff
System Administrator and Security Advisor
ProCredit Bank