Date: Wed, 21 Jul 2004 11:39:04 -0600
From: Carlos Alarcón <calarcon@iracsa.com.mx>
To: freebsd-isp@freebsd.org
Subject: about ipfw rules on bridge boxes
Message-ID: <opsbh0nevymvvzdj@toshibalap>
Hi, I have a FreeBSD box acting as a bridge on my network, with two NICs, one of them (the external) with an IP. I use it as a traffic shaper and this works great; I can't make the squid transparent proxy work yet :(. I think doing it with a bridge is a little strange, but my question is about something else. Sometimes I want to display messages for my clients. I did this before when I was using NAT instead of the bridge, redirecting the client IP to my HTTP server, and I had a web page that showed the content. This was working fine, but NAT gave me some problems, so I use the bridge, and for me it is working better. Well, now when I want to use this redirection again, it only works when I have proxy settings in my clients' browsers; when I don't have proxy settings in the client browsers, the redirection counter rule doesn't match. I don't know why this rule is skipped. I attach my rules. I have my Apache listening on port 81; I redirect all the web page requests from client 172.16.1.58 to my HTTP server running on my bridge box:

fwd 127.0.0.1,81 tcp from 172.16.1.58 to

bash-2.05b# ipfw show
00009 0 0 fwd 127.0.0.1,81 tcp from 172.16.1.58 to any dst-port 80
00011 0 0 deny ip from any to any MAC 00:02:2d:08:fd:5c any
00200 0 0 deny ip from any to any MAC any 00:02:2d:5e:0c:e5
00300 270 9646 deny ip from any to any MAC any 00:02:2d:67:42:fa
00400 0 0 deny ip from any to any MAC any 00:02:2d:3d:39:d7
00500 0 0 deny ip from any to any MAC any 00:02:2d:09:81:3c
00600 16084 50790 deny ip from any to any MAC any 00:02:2d:67:51:e3
00900 0 0 check-state
00950 101726 44396164 pipe 2 ip from any to 172.16.1.33
01000 57611 35521514 pipe 1 ip from any to 172.16.1.0/24
01100 54714 5999093 pipe 3 ip from 172.16.1.0/24 to any
01200 640165 234909932 allow tcp from 172.16.1.33 to any setup keep-state
01300 9709 1442183 allow udp from 172.16.1.33 to any keep-state
01400 60327 29747515 allow ip from 172.16.1.33 to any
01500 2730709 1590949972 allow tcp from any to any in via xl1 setup keep-state
01600 121973 43739565 allow udp from any to any in via xl1 keep-state
01700 59348 1840715 allow ip from any to any in via xl1
01800 0 0 allow tcp from any to any dst-port 22 in via xl1 setup keep-state
01900 0 0 allow tcp from any to any dst-port 113 in via xl1 setup keep-state
02000 0 0 allow tcp from any to any dst-port 49152-65535 in via xl1 setup keep-state
02100 322819 86172666 allow udp from any to any dst-port 49152-65535 in via xl0 keep-state
02200 67 3248 allow icmp from any to any icmptypes 8 keep-state
02300 125014 13868628 allow icmp from any to any icmptypes 3
02400 3423 387572 allow icmp from any to any icmptypes 11
02500 11784223 9455880276 allow ip from any to any
65535 35 1564 deny ip from any to any

thanks
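An added diagnostic, not part of the original post: a small parser for `ipfw show` output that reports rules whose packet counter is zero (the situation of the fwd rule 00009 above) and rules that still count packets after an unconditional allow/deny catch-all. The sample listing is constructed from a few of the lines in the post.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of `ipfw show`: rule number, packets,
# bytes, action, body. Modelled on the listing in the post above.
SAMPLE_IPFW_SHOW = """\
bash-2.05b# ipfw show
00009 0 0 fwd 127.0.0.1,81 tcp from 172.16.1.58 to any dst-port 80
00600 16084 50790 deny ip from any to any MAC any 00:02:2d:67:51:e3
00900 0 0 check-state
01700 59348 1840715 allow ip from any to any in via xl1
02500 11784223 9455880276 allow ip from any to any
65535 35 1564 deny ip from any to any
"""

@dataclass
class Rule:
    number: int
    packets: int
    nbytes: int
    action: str
    body: str

_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*(.*)$")

def parse_ipfw_show(text):
    """Parse `ipfw show` output; shell prompts and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            num, pkts, byts, action, body = m.groups()
            rules.append(Rule(int(num), int(pkts), int(byts), action, body.strip()))
    return rules

def zero_hit_rules(rules):
    """Numbers of rules that never matched a packet (check-state has no counter)."""
    return [r.number for r in rules if r.packets == 0 and r.action != "check-state"]

def first_catch_all(rules):
    """Number of the first allow/deny with no qualifiers: 'ip from any to any'."""
    for r in rules:
        if r.action in ("allow", "deny") and r.body == "ip from any to any":
            return r.number
    return None

def hits_after_catch_all(rules):
    """Rules after the catch-all that still count packets: traffic the
    catch-all did not cover (on a bridge, typically non-IP frames)."""
    ca = first_catch_all(rules)
    return [] if ca is None else [r.number for r in rules if r.number > ca and r.packets > 0]
```

Run it against the full listing from the post and rule 00009 is the only filtering rule with a zero counter ahead of the catch-all, so rule order alone does not explain the miss.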
