Date: Tue, 14 Sep 2004 10:22:16 +0530
From: Subhro <subhro.kar@gmail.com>
To: JP <planoprez@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Configuring IPFW (Firewall) and Proxy/Nylon, Help Please
Message-ID: <b2807d04040913215267f50ba5@mail.gmail.com>
In-Reply-To: <20040913232615.26445.qmail@web40102.mail.yahoo.com>
References: <20040913232615.26445.qmail@web40102.mail.yahoo.com>

Hello,

On Mon, 13 Sep 2004 16:26:15 -0700 (PDT), JP <planoprez@yahoo.com> wrote:
> Hello There,
>
> I currently am running 5.2.1-Release which is
> configured as a gateway with kernel firewall support.
> I have installed Squid (Proxy) and Nylon (SOCKS) which
> seem to be configured fine. However, I need help in
> getting all http/https traffic to only route to the
> proxy (Port 3128) and all other traffic to point to
> nylon (Port 1080). This way the proxy and socks
> server cannot be circumvented. Could someone please
> suggest some tips or a website? I am using the
> standard rc.firewall configuration.
>

http runs on port 80 by default and https on port 443, so you can divert incoming traffic on port 80 and 443 to port 3128. And do not forget to save the states for the incoming traffic or the reply traffic won't get through. For the latter section you can set up a default divert for everything to port 1080.

> Thanks!

You are welcome

>
> Below is my rc.conf file:
>
> ---------------
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN" <<---you need to remove this and make this point to your firewall ruleset file
> natd_enable="YES" <<---You need to comment this out because if natd is running the clients can anyway get through the NAT and avoid proxy.
> natd_interface="ed0"
> #natd_flags="-f /etc/natd.conf"
> hostname="******"
> ifconfig_ed0="DHCP"
> inetd_enable="YES"
> keyrate="fast"
> sshd_enable="YES"
> usbd_enable="YES"
> ifconfig_dc0="inet 192.168.1.254 netmask
> 255.255.255.0"
> defaultrouter="192.168.1.254"
>

Regards
S.

-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India
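
A check for the two rc.conf settings flagged in the reply above (firewall_type="OPEN" and natd_enable="YES"), added here as an example and not part of the original message. The function names and finding labels are hypothetical, and the sample file is constructed from the rc.conf quoted in the thread.

```shell
#!/bin/sh
# Added example: audit an rc.conf for the two settings flagged in the reply.

# rc_value FILE VAR: print VAR's effective value. rc.conf is sourced as sh,
# so commented lines are ignored and the last assignment wins.
rc_value() {
    awk -v var="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, var "=") != 1) next
            val = substr(line, length(var) + 2)
            sub(/[ \t]+#.*$/, "", val)   # drop a trailing comment
            sub(/[ \t]+$/, "", val)      # drop trailing whitespace
            gsub(/^"|"$/, "", val)       # drop surrounding double quotes
            found = val
        }
        END { print found }
    ' "$1"
}

# audit_rc_conf FILE: print space-separated finding names (empty if none).
audit_rc_conf() {
    findings=""
    case $(rc_value "$1" firewall_type) in
        [Oo][Pp][Ee][Nn]) findings="$findings firewall_type_open" ;;
    esac
    case $(rc_value "$1" natd_enable) in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            findings="$findings natd_enabled" ;;
    esac
    echo "${findings# }"
}

# Constructed sample, modelled on the rc.conf quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="ed0"
#natd_flags="-f /etc/natd.conf"
EOF
audit_rc_conf "$sample"   # prints: firewall_type_open natd_enabled
```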