Date: Tue, 14 Sep 1999 11:34:06 -0700 (PDT) From: Julian Elischer <julian@whistle.com> To: Andre Chang <Andre@HighCaliber.com> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: IPFW configuration as a transparent proxy Message-ID: <Pine.BSF.3.95.990914111804.1204D-100000@current1.whistle.com> In-Reply-To: <021401befedd$27a14320$1ad2d9ce@work.highcaliber.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The fwd option forces a packet to be sent to: 1/ a nominated local socket or 2/ out a nominated interface tot a nominated 2nd machine. However it doesn't change the packet in any way.. this means that in case (2) above, the second machine will not accept the packet unless it also has a 'fwd' rule to make it do soi( as in case 1). If this is not the case, it will examine the packet and send it towards it's original destination. In the first case, This basically allows transparent proxy, by redirecting all outgoing requests to port 80 (that are not starting at the local machine) (i.e. requests coming in on the local interface that would normally be routed out your WAN interface) to be redirected to whatever port your proxy is listenning on. e.g. ipfw add 2 fwd 127.0.0.1,3137 tcp from any to any 80 out recv ed1 xmit ng0 This redirects any packets that are about to go out through ng0 (our LAN frame relay link), that originated on the LAN (ed1).The reson for being so specific is that we don't want to capture the requests that the proxy makes! hope this helps! julian On Tue, 14 Sep 1999, Andre Chang wrote: > Hello, > > I would like to know if this is the place to ask about configuring IPFW to > serve > as a transparent proxy by use of the IPFW's "fwd" option. > > Is there anyone who has used this option toward this goal or something > similar? > Any response on this topic would be greatly appreciated. Thank You. > > -- Andre Chang > Network Engineer. > High Caliber Systems, Inc. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.990914111804.1204D-100000>