From owner-freebsd-questions  Tue Jun 13 11:24:30 2000
From: Mikhail Teterin <mi@privatelabs.com>
Message-Id: <200006131823.OAA61647@misha.privatelabs.com>
Subject: diverted packets never leave the box
To: questions@freebsd.org, stable@freebsd.org
Date: Tue, 13 Jun 2000 14:23:20 -0400 (EDT)

Hello!

I'm trying to force all of the requests to the web-server (www) to go to
the squid box first (squid is running on a separate machine -- squid). I
set up the ipfw rules on the web-server as follows:

	allow log tcp from squid to www http
	divert 8668 log tcp from not squid to www http in
	divert 8668 log tcp from squid to www
	allow ip from any to any

I start natd on www as:
	natd -proxy_only -proxy_rule \
			type encode_tcp_stream \
			port http \
			server squid:3128 \
		-a www -verbose -reverse

When I try to connect to www:80 from the third machine (named misha), I
see natd on www output the following (IP addresses changed to names):

	In [TCP]  [TCP] misha:4393 -> www:80 aliased to
		  [TCP] www:4393 -> squid:3128

which is what I want (I think). However, according to tcpdumps running
on both squid and www, no packets actually arrive at the squid machine
and my connections (from misha) time out.

How do I make packets that are diverted (to natd) be resent to their new
destinations? I'd rather use the ipfw/natd combination than transproxy.

TIA,

	-mi

