Date:      Tue, 14 Sep 2004 10:22:16 +0530
From:      Subhro <subhro.kar@gmail.com>
To:        JP <planoprez@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Configuring IPFW (Firewall) and Proxy/Nylon, Help Please
Message-ID:  <b2807d04040913215267f50ba5@mail.gmail.com>
In-Reply-To: <20040913232615.26445.qmail@web40102.mail.yahoo.com>
References:  <20040913232615.26445.qmail@web40102.mail.yahoo.com>

Hello,


On Mon, 13 Sep 2004 16:26:15 -0700 (PDT), JP <planoprez@yahoo.com> wrote:
> Hello There,
> 
> I currently am running 5.2.1-Release which is
> configured as a gateway with kernel firewall support.
> I have installed Squid (Proxy) and Nylon (SOCKS) which
> seem to be configured fine.  However, I need help in
> getting all http/https traffic to only route to the
> proxy (Port 3128) and all other traffic to point to
> nylon (Port 1080).  This way the proxy and socks
> server cannot be circumvented.  Could someone please
> suggest some tips or a website?  I am using the
> standard rc.firewall configuration.
> 

http runs on port 80 by default and https on port 443 so you can
divert incoming traffic on port 80 and 443 to port 3128. And do not
forget to save the states for the incoming traffic or the reply
traffic won't get through.

For the latter section you can set up a default divert for everything
to port 1080.

> Thanks!

You are welcome

> 
> Below is my rc.conf file:
> 
> ---------------
> 
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN" <<---you need to remove this and make this point to your firewall ruleset file
> natd_enable="YES"  <<---You need to comment this out because if natd is running the clients can anyway get through the NAT and avoid proxy.
> natd_interface="ed0"
> #natd_flags="-f /etc/natd.conf"
> hostname="******"
> ifconfig_ed0="DHCP"
> inetd_enable="YES"
> keyrate="fast"
> sshd_enable="YES"
> usbd_enable="YES"
> ifconfig_dc0="inet 192.168.1.254  netmask 255.255.255.0"
> defaultrouter="192.168.1.254"
> 

Regards
S.


-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India
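
One way to write the ruleset file that the reply says `firewall_type` should point to, as an added example that is not part of the original thread. It assumes natd is disabled as the reply advises, a kernel built with `options IPFIREWALL_FORWARD` so that ipfw's `fwd` action (used here for the redirect to 3128) is available, and clients that speak SOCKS to port 1080 themselves; instead of redirecting the remaining traffic, it drops whatever is not addressed to one of the two listeners.

```shell
#!/bin/sh
# Added example, not from the thread: prints an ipfw rules file for the
# gateway in the quoted rc.conf. Interface names, ports and the LAN prefix
# are taken from that rc.conf and the reply; everything else is an assumption.
LAN_IF=dc0                # inside interface (192.168.1.254/24)
WAN_IF=ed0                # outside interface (DHCP)
LAN_NET=192.168.1.0/24
PROXY_PORT=3128           # Squid
SOCKS_PORT=1080           # Nylon
ADMIN_PORT=22             # sshd reachable from the LAN (assumption)

# build_rules [web-ports]  -> rules on stdout, one ipfw command per line
build_rules() {
    web_ports=${1:-80,443}    # ports the reply says to send to the proxy
    cat <<EOF
# Packets belonging to connections admitted by a keep-state rule below.
add check-state
add allow ip from any to any via lo0
# Clients may open connections to the gateway's own listeners only.
add allow tcp from ${LAN_NET} to me ${ADMIN_PORT},${PROXY_PORT},${SOCKS_PORT} in via ${LAN_IF} setup keep-state
# Web traffic addressed elsewhere is handed to the local proxy. Squid has
# to be set up to accept redirected connections (not covered here).
add fwd 127.0.0.1,${PROXY_PORT} tcp from ${LAN_NET} to any ${web_ports} in via ${LAN_IF}
# The proxy answers those sessions using the original server address.
add allow tcp from any ${web_ports} to ${LAN_NET} out via ${LAN_IF}
# Traffic the gateway itself originates (Squid, Nylon, DNS lookups).
add allow ip from me to any out via ${WAN_IF} keep-state
# Nothing else passes, so a client cannot route around the two listeners.
add deny ip from any to any
EOF
}
```

Write the output of `build_rules` to a file such as `/etc/ipfw.rules` (the path is an example) and set `firewall_type` in rc.conf to that path.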


