Date: Mon, 28 Oct 2002 07:41:09 -0000
From: "Steve Lalonde" <steve@enta.net>
To: <freebsd-isp@FreeBSD.ORG>, "Jeff Palmer" <scorpio@drkshdw.org>
Subject: Re: IPFW fwd doesn't seem to work
Message-ID: <001b01c27e55$61f3e910$0b664ac3@steve24>
References: <5.1.1.6.0.20021027215426.00ba6ec8@mail.drkshdw.org>

Your problem is the packets are not addressed to the proxy, so it's just
forwarding them to its default route (or dropping them). You need
something like this on the proxy:

    ipfw add 400 allow tcp from 123.123.123.124 to any
    ipfw add 500 fwd 127.0.0.1 tcp from any to any 3128

I had problems here with squid running on port 3128, something to do with
changing the port number in the forward rule, so I just run squid on port
80 and all works fine. I do run dedicated proxies though, so no web server
to get in the way.

Steve Lalonde
Chief Technical Officer
Entanet International Ltd
http://www.enta.net/

----- Original Message -----
From: "Jeff Palmer" <scorpio@drkshdw.org>
To: <freebsd-isp@FreeBSD.ORG>; <freebsd-questions@FreeBSD.ORG>
Sent: Monday, October 28, 2002 3:01 AM
Subject: IPFW fwd doesn't seem to work

> Hello,
>
> I run a small ISP in Florida, and have decided to implement a squid proxy.
>
> I've got everything configured except the ipfw forward rule on the
> bridge/firewall.
>
> The basic layout is router <---> bridge/firewall <--> switch to other
> servers
>
> I've added a rule to allow traffic from the proxy machine, out to the
> internet.
>
> ipfw add pass tcp from 123.123.123.123 to any 80
>
> I then have a rule that is supposed to forward the other port 80 requests
> to another ip/port.
>
> ipfw add fwd 123.123.123.124,3128 log tcp from 123.123.123.0/24 to any 80
>
> Now, /var/log/security shows the rule as matching but the proxy machine
> never sees the traffic.
>
> Any ideas on what I'm doing wrong?
>
> Jeff Palmer
> http://www.pci2.net
> http://boards.pci2.net