From: Kevin Kinsey <kdk@daleco.biz>
Date: Thu, 15 Apr 2010 09:53:11 -0500
To: Mexican Loser
Cc: freebsd-questions@freebsd.org
Subject: Re: dansguardian + squid running on local machine
Message-ID: <4BC72857.3050502@daleco.biz>

Mexican Loser wrote:
> Hello fellow BSD users -
>
> I have dansguardian listening on 127.0.0.0.1:8080 -> squid listening on
> 127.0.0.1:3128 on the same computer for content filtering and caching for
> the kids.
>
> I also have an ipfw ruleset. I'm able to browse the Internet fine but I just
> want to make sure http requests are going through my ipfw ruleset. How do I
> know if my website requests are going through the ipfw rules and coming
> back through them?
>
> The rule below allows everything through the loopback interface; is that
> what's allowing squid and dansguardian to work? If so, I would like to know
> what rules specifically I can add for dansguardian and squid?
>
>
> allow all from any to any via lo0

For starters, read up in the Handbook on ipfw. You're really going to want
to understand what you are doing. It may help to define your rules in
English, then try and figure out the syntax for ipfw.

You should look carefully at your network setup. I'm assuming you have a
BSD box dual-homed to your ISP, and doing NAT for your LAN?

Your loopback interface must always work, otherwise Bad Stuff(tm) will
happen. That's the rule you have up there.

After that, write out your rules in English:

1. I can connect to anything from the gateway/server.
2. Nothing can come in from outside.
3. No one else can connect to anything outside the gateway/server.
4. Everyone inside can connect to the gateway/server.

Etc.

After that, it's just a matter of figuring out ipfw's syntax.

HTH,

Kevin Kinsey

P.S. You'll get some recommendations for other firewalls, too. Use
whichever one makes sense to you :-)
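One concrete way to answer the "how do I know my requests are going through the ipfw rules" question from the thread, as an added example that is not part of the original message or of ipfw itself: ipfw keeps a packet and byte counter per rule, which `ipfw -a list` (equivalently `ipfw show`) prints in front of each rule. Take a snapshot, fetch one page through dansguardian, take a second snapshot, and diff the counters; the rules whose packet counts grew are the ones your request actually traversed, and any deny rule that grew tells you something was dropped along the way. The two snapshots below are constructed sample output in that format; the rule numbers, the interface names (em0 toward the ISP, em1 toward the LAN) and the LAN prefix are assumptions, not taken from the poster's setup.

```python
import re

# Constructed sample `ipfw -a list` output (same layout as `ipfw show`):
# rule number, packet counter, byte counter, rule body.  Interface names
# (em0 = ISP side, em1 = LAN side), rule numbers and the LAN prefix are assumed.
BEFORE = """\
00100     40     3120 allow ip from any to any via lo0
00200      0        0 deny ip from any to 127.0.0.0/8
00300      0        0 deny ip from 127.0.0.0/8 to any
01000   1210   902344 allow tcp from me to any out via em0 keep-state
02000      5      240 deny tcp from any to any in via em0 setup
03000    355    48210 allow ip from 192.168.1.0/24 to me in via em1
65535     12      720 deny ip from any to any
"""

# Same table after one page was fetched from a LAN client through
# dansguardian -> squid -> the web (constructed values).
AFTER = """\
00100     96     7404 allow ip from any to any via lo0
00200      0        0 deny ip from any to 127.0.0.0/8
00300      0        0 deny ip from 127.0.0.0/8 to any
01000   1262   955120 allow tcp from me to any out via em0 keep-state
02000      5      240 deny tcp from any to any in via em0 setup
03000    373    51001 allow ip from 192.168.1.0/24 to me in via em1
65535     12      720 deny ip from any to any
"""

# number, packets, bytes, then the rest of the line is the rule body
RULE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.+)$")


def parse_counters(text):
    """Map rule number -> (packets, bytes, rule body) from `ipfw -a list` output."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            num, pkts, byts, body = m.groups()
            rules[int(num)] = (int(pkts), int(byts), body)
    return rules


def rules_that_matched(before, after):
    """Rules whose packet counter grew between the snapshots, as (number, delta, body)."""
    old = parse_counters(before)
    new = parse_counters(after)
    hits = []
    for num, (pkts, _byts, body) in sorted(new.items()):
        delta = pkts - old.get(num, (0, 0, body))[0]
        if delta > 0:
            hits.append((num, delta, body))
    return hits


def denies_that_matched(before, after):
    """The matched rules whose action is deny: traffic dropped during the test."""
    return [h for h in rules_that_matched(before, after) if h[2].startswith("deny")]


if __name__ == "__main__":
    for num, delta, body in rules_that_matched(BEFORE, AFTER):
        print(f"rule {num:05d} matched {delta} packets: {body}")
    if not denies_that_matched(BEFORE, AFTER):
        print("no deny rule fired during the test")
```

On a real box the snapshots come from `ipfw -a list > before`, a page load, then `ipfw -a list > after`; `ipfw zero` resets the counters first if you want a clean baseline. In the sample, the loopback rule grows because the dansguardian-to-squid hop on 127.0.0.1 crosses lo0, the outbound rule grows because squid fetched the page, and the LAN rule grows because the client reached the gateway; a quiet default-deny at 65535 means nothing was silently dropped. Dynamic rules created by `keep-state` are listed separately with `ipfw -d list` if you want to see the individual connections.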