Date:      Tue, 14 Sep 2004 10:24:49 +0530
From:      Subhro <subhro.kar@gmail.com>
To:        JP <planoprez@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Configuring IPFW (Firewall) and Proxy/Nylon, Help Please
Message-ID:  <b2807d0404091321541b587180@mail.gmail.com>
In-Reply-To: <b2807d04040913215267f50ba5@mail.gmail.com>
References:  <20040913232615.26445.qmail@web40102.mail.yahoo.com> <b2807d04040913215267f50ba5@mail.gmail.com>

On Tue, 14 Sep 2004 10:22:16 +0530, Subhro <subhro.kar@gmail.com> wrote:
> Hello,
> 
> 
> On Mon, 13 Sep 2004 16:26:15 -0700 (PDT), JP <planoprez@yahoo.com> wrote:
> > Hello There,
> >
> > I am currently running 5.2.1-Release which is
> > configured as a gateway with kernel firewall support.
> > I have installed Squid (Proxy) and Nylon (SOCKS) which
> > seem to be configured fine.  However, I need help in
> > getting all http/https traffic to only route to the
> > proxy (Port 3128) and all other traffic to point to
> > nylon (Port 1080).  This way the proxy and socks
> > server cannot be circumvented.  Could someone please
> > suggest some tips or a website?  I am using the
> > standard rc.firewall configuration.
> >
> 
> http runs on port 80 by default and https on port 443 so you can
> divert incoming traffic on port 80 and 443 on port 3128. And do not
> forget to save the states for the incoming traffic or the reply
> traffic won't get through.
> 
> For the latter section you can set up a default divert for everything
> to port 1080.
> 
> > Thanks!
> 
> You are welcome
> 
> >
> > Below is my rc.conf file:
> >
> > ---------------
> >
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_type="OPEN" <<---you need to remove this and make this point to your firewall ruleset file
> > natd_enable="YES"  <<---You need to comment this out because if natd is running the clients can anyway get through the NAT and avoid proxy.
> > natd_interface="ed0"
> > #natd_flags="-f /etc/natd.conf"
> > hostname="******"
> > ifconfig_ed0="DHCP"
> > inetd_enable="YES"
> > keyrate="fast"
> > sshd_enable="YES"
> > usbd_enable="YES"

Sorry to backpost but what are you trying to achieve by the next two lines?

> > ifconfig_dc0="inet 192.168.1.254  netmask
> > 255.255.255.0"
> > defaultrouter="192.168.1.254"

Regards
S.

-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India


