From owner-freebsd-stable Thu Feb 14 17:16: 3 2002 Delivered-To: freebsd-stable@freebsd.org Received: from bdg.centrin.net.id (kumprang-popcc.teras.net.id [202.143.98.210]) by hub.freebsd.org (Postfix) with ESMTP id 2047937B402 for ; Thu, 14 Feb 2002 17:15:58 -0800 (PST) Received: by bdg.centrin.net.id (Postfix, from userid 1002) id C56A13CC; Fri, 15 Feb 2002 08:24:03 +0700 (JAVT) Date: Fri, 15 Feb 2002 08:24:03 +0700 From: budsz To: C J Michaels Cc: freebsd-stable Subject: Re: Transparant proxy Message-ID: <20020215082403.C17774@bdg.centrin.net.id> Reply-To: budsz Mail-Followup-To: budsz , C J Michaels , freebsd-stable References: <20020214162842.GA19623@leviathan.inethouston.net> <1096.10.0.0.254.1013730182.squirrel@mail.lan.27in.tv> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Md/poaVZ8hnGTzuv" Content-Disposition: inline In-Reply-To: <1096.10.0.0.254.1013730182.squirrel@mail.lan.27in.tv> User-Agent: Mutt/1.3.22.1i X-Uptime: 7:55AM up 1 day, 1:51, 2 users, load averages: 0.42, 0.37, 0.32 X-Operation-System: FreeBSD 4.4-STABLE i386 X-Geekcode: "GMU d- s++:+ a- C++ UL++ P+ L++ E- W++ N o+ K- w+ O+ M V++ PS PE Y+ PGP++ t 5 X+++ R+ tv b++ DI- D+ G++ e++ h+ r+ y+" X-Pubkey-Linux: "http://bdg.centrin.net.id/~budsan02/pubkey_Linux.txt" X-Pubkey-FreeBSD: "http://bdg.centrin.net.id/~budsan02/pubkey_FreeBSD.txt" X-Company: "Internet Cafe & Game Kumprang" Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --Md/poaVZ8hnGTzuv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 14, 2002 at 06:43:02PM -0500, C J Michaels wrote: >1. What's happening? If I use rule ipfw in my posted email, it's no effect that's mean with that rule or not my client can browse to the internet. >2. Are you running squid? or what particular proxy software are you using? Yes, I use squid with ./configure enable transparent proxy of couse. >3. Does the proxy work when the browser is configured to directly using >the proxy (not transparent) and the above firewall rules are not >implemented. Yes, proxy server and ipfw rule work fine. I mean with proxy or without proxy anybody can browse to the internet. that's my problem, I want my client if browsing without proxy they shouldn't connect to the internet. >4. What firewall type is configured in /etc/rc.conf, and where in said >file are the above listed ipfw rules? Ops...I don't use type of firewall in /etc/rc.conf maybe only like : firewall_enable=3D"YES" firewall_script=3D"/etc/rc.firewall" >I think your forward rules are too broad. You are forwarding any traffic >destined for port 80 to the transparent proxy, no matter what. >Assuming your network is 192.168.0.0/24 try this rule... >add 3002 fwd 192.168.0.88,7080 tcp from 192.168.0.0/24 to any 80 OK. thanks you --=20 budsz --Md/poaVZ8hnGTzuv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8bGMy9kxLTmJpUwQRAju4AJ90bhC8rA9YToBxB9TkDmfIaY1iJwCfY7hG Ih6b8a445rdCwiwlr57HWj8= =PgQY -----END PGP SIGNATURE----- --Md/poaVZ8hnGTzuv-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message