Date: Tue, 14 Sep 2004 10:24:49 +0530
From: Subhro <subhro.kar@gmail.com>
To: JP <planoprez@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Configuring IPFW (Firewall) and Proxy/Nylon, Help Please
Message-ID: <b2807d0404091321541b587180@mail.gmail.com>
In-Reply-To: <b2807d04040913215267f50ba5@mail.gmail.com>
References: <20040913232615.26445.qmail@web40102.mail.yahoo.com> <b2807d04040913215267f50ba5@mail.gmail.com>

On Tue, 14 Sep 2004 10:22:16 +0530, Subhro <subhro.kar@gmail.com> wrote:
> Hello,
>
>
> On Mon, 13 Sep 2004 16:26:15 -0700 (PDT), JP <planoprez@yahoo.com> wrote:
> > Hello There,
> >
> > I currently am running 5.2.1-Release which is
> > configured as a gateway with kernel firewall support.
> > I have installed Squid (Proxy) and Nylon (SOCKS) which
> > seem to be configured fine. However, I need help in
> > getting all http/https traffic to only route to the
> > proxy (Port 3128) and all other traffic to point to
> > nylon (Port 1080). This way the proxy and socks
> > server cannot be circumvented. Could someone please
> > suggest some tips or a website? I am using the
> > standard rc.firewall configuration.
> >
>
> http runs on port 80 by default and https on port 443 so you can
> divert incoming traffic on port 80 and 443 on port 3128. And do not
> forget to save the states for the incoming traffic or the reply
> traffic won't get through.
>
> For the latter section you can set up a default divert for everything
> to port 1080.
>
> > Thanks!
>
> You are welcome
>
> >
> > Below is my rc.conf file:
> >
> > ---------------
> >
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_type="OPEN" <<---you need to remove this and make this point to your firewall ruleset file
> > natd_enable="YES" <<---You need to comment this out because if natd is running the clients can anyway get through the NAT and avoid proxy.
> > natd_interface="ed0"
> > #natd_flags="-f /etc/natd.conf"
> > hostname="******"
> > ifconfig_ed0="DHCP"
> > inetd_enable="YES"
> > keyrate="fast"
> > sshd_enable="YES"
> > usbd_enable="YES"

Sorry to backpost but what are you trying to achieve by the next two lines?

> > ifconfig_dc0="inet 192.168.1.254 netmask
> > 255.255.255.0"
> > defaultrouter="192.168.1.254"

Regards
S.

-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India