From owner-freebsd-questions@FreeBSD.ORG Tue Jan 9 14:28:52 2007 Return-Path: X-Original-To: freebsd-questions@FreeBSD.ORG Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 95D9F16A416 for ; Tue, 9 Jan 2007 14:28:52 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.freebsd.org (Postfix) with ESMTP id 22E6713C457 for ; Tue, 9 Jan 2007 14:28:51 +0000 (UTC) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (uzyroz@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.4/8.13.4) with ESMTP id l09ESiYb011053; Tue, 9 Jan 2007 15:28:49 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.4/8.13.1/Submit) id l09ESiAR011052; Tue, 9 Jan 2007 15:28:44 +0100 (CET) (envelope-from olli) Date: Tue, 9 Jan 2007 15:28:44 +0100 (CET) Message-Id: <200701091428.l09ESiAR011052@lurza.secnetix.de> From: Oliver Fromme To: freebsd-questions@FreeBSD.ORG, teklimbu@wlink.com.np In-Reply-To: <20070109162922.9549fa55.teklimbu@wlink.com.np> X-Newsgroups: list.freebsd-questions User-Agent: tin/1.8.2-20060425 ("Shillay") (UNIX) (FreeBSD/4.11-STABLE (i386)) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.2 (lurza.secnetix.de [127.0.0.1]); Tue, 09 Jan 2007 15:28:50 +0100 (CET) Cc: Subject: Re: Using IPFW to bypass hotmail.com X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@FreeBSD.ORG, teklimbu@wlink.com.np List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jan 2007 14:28:52 -0000 Tek Bahadur Limbu wrote: > I run a transparent squid proxy using IPFW below: > > ipfw -q add allow tcp from 192.168.55.0/24 to any 3128 in via bge0 That's not the rule for transparent proxying. For that you need a "forward" (or "fwd") rule, not an "allow" rule. (Of course, the "allow" rule above might still be needed, but it's not the one that actually enables the transparent proxying). > Now I want the IP: 192.168.55.22 to bypass Squid when requesting > www.hotmail.com. > > How do I go about doing this using IPFW? Can somebody shed some light > on this issue? Simply add an "allow" rule for that IP, and place it _before_ the "forward" (or "fwd") rule in your rule set: allow tcp from 192.168.55.22 to www.hotmail.com Note that the hostname is not resolved dynamically, but at the time the rule is added to teh rule set. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "To this day, many C programmers believe that 'strong typing' just means pounding extra hard on the keyboard." -- Peter van der Linden