From: "Steve Lalonde"
To: "Jeff Palmer"
Subject: Re: IPFW fwd doesn't seem to work
Date: Mon, 28 Oct 2002 07:41:09 -0000
Message-ID: <001b01c27e55$61f3e910$0b664ac3@steve24>
References: <5.1.1.6.0.20021027215426.00ba6ec8@mail.drkshdw.org>

Your problem is the packets are not addressed to the proxy, so it's just
forwarding them to its default route (or dropping them). You need
something like this on the proxy:

    ipfw add 400 allow tcp from 123.123.123.124 to any
    ipfw add 500 fwd 127.0.0.1 tcp from any to any 3128

I had problems here with squid running on port 3128, something to do with
changing the port number in the forward rule, so I just run squid on port 80
and all works fine. I do run dedicated proxies though, so no web server to
get in the way.

Steve Lalonde
Chief Technical Officer
Entanet International Ltd
http://www.enta.net/

----- Original Message -----
From: "Jeff Palmer"
Sent: Monday, October 28, 2002 3:01 AM
Subject: IPFW fwd doesn't seem to work

> Hello,
>
> I run a small ISP in Florida, and have decided to implement a squid proxy.
>
> I've got everything configured except the ipfw forward rule on the
> bridge/firewall.
>
> The basic layout is router <---> bridge/firewall <--> switch to other
> servers
>
> I've added a rule to allow traffic from the proxy machine, out to the internet.
>
>     ipfw add pass tcp from 123.123.123.123 to any 80
>
> I then have a rule that is supposed to forward the other port 80 requests
> to another ip/port.
>
>     ipfw add fwd 123.123.123.124,3128 log tcp from 123.123.123.0/24 to any 80
>
> Now, /var/log/security shows the rule as matching but the proxy machine
> never sees the traffic.
>
> Any ideas on what I'm doing wrong?
>
> Jeff Palmer
> http://www.pci2.net
> http://boards.pci2.net
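
The two-host setup discussed in this thread, written out as an added example (it is not code from either poster). It uses the thread's placeholder addresses and Steve's rule numbers 400/500; rule numbers 300/310, the run() dry-run helper, a firewall that routes the client traffic, and a squid that listens on 3128 and accepts intercepted requests are assumptions. Unlike Steve's port-80 setup, the proxy-side rule here uses the "address,port" form of fwd to hand port-80 traffic to squid on 3128.

```shell
#!/bin/sh
# Added example: ipfw rules for both hosts in a transparent-proxy setup.
PROXY_IP="123.123.123.124"     # squid host, placeholder from the thread
CLIENT_NET="123.123.123.0/24"  # customer network, placeholder from the thread
SQUID_PORT=3128                # assumed squid listening port

# Print each command by default; set APPLY=1 to run it (root, FreeBSD).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Rules for the firewall in front of the clients.
firewall_rules() {
    # The proxy's own fetches must bypass the redirect, or they loop.
    run ipfw add 300 allow tcp from "$PROXY_IP" to any 80
    # Hand client web traffic to the proxy host. No port is given: for a
    # non-local fwd target ipfw ignores the port, and the packet itself
    # (including its destination address) is left unchanged.
    run ipfw add 310 fwd "$PROXY_IP" tcp from "$CLIENT_NET" to any 80
}

# Rules for the proxy host itself.
proxy_rules() {
    run ipfw add 400 allow tcp from "$PROXY_IP" to any
    # Packets arrive still addressed to the origin web server, so the
    # proxy must capture them and deliver them to squid's local port.
    run ipfw add 500 fwd "127.0.0.1,$SQUID_PORT" tcp from "$CLIENT_NET" to any 80
}

case "${1:-}" in
    firewall) firewall_rules ;;
    proxy)    proxy_rules ;;
esac
```

Run it with "firewall" or "proxy" as the argument to review the rules for that host before applying them with APPLY=1.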