From: Denny
Date: Mon, 24 Sep 2007 12:43:57 +0800
To: freebsd-isp@freebsd.org
Subject: freebsd 6.2 with ipfw forward not working

Hi,

I have a rule in ipfw to divert all destination address with tcp port 80 to a local squid server. However this is working for me. When I did a tcpdump on lo0, no packets are seen.

ipfw rules

    add fwd 127.0.0.1,3128 log tcp from any to any

and in /var/log/security shows the packet being forwarded.

This is what squid -v shows

    Squid Cache: Version 2.6.STABLE16
    configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin'
    '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid'
    '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid'
    '--enable-removal-policies=lru heap' '--disable-linux-netfilter'
    '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest'
    '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB YP'
    '--enable-digest-auth-helpers=password'
    '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group'
    '--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth'
    '--enable-storeio=ufs diskd null' '--enable-pf-transparent' '--enable-ipf-transparent'
    '--enable-err-languages=Armenian Azerbaijani Bulgarian Catalan Czech Danish Dutch English Estonian Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish'
    '--enable-default-err-language=English' '--prefix=/usr/local'
    '--mandir=/usr/local/man' '--infodir=/usr/local/info/' 'i386-portbld-freebsd6.2'
    'build_alias=i386-portbld-freebsd6.2' 'host_alias=i386-portbld-freebsd6.2'
    'target_alias=i386-portbld-freebsd6.2' 'CC=cc'
    'CFLAGS=-O2 -fno-strict-aliasing -pipe ' 'LDFLAGS=' 'CPPFLAGS='

in /etc/sysctl.conf

    net.inet.ip.forwarding=1

Any idea what's wrong with my config? Have I missed out anything?

Thanks,
Denny

From: danow@magix.com.sg
Date: Mon, 24 Sep 2007 12:50:35 +0800
To: freebsd-isp@freebsd.org
Subject: freebsd 6.2 with ipfw forward not working

Hi,

I have a rule in ipfw to divert all destination address with tcp port 80 to a local squid server. However this is working for me. When I did a tcpdump on lo0, no packets are seen.

ipfw rules

    add fwd 127.0.0.1,3128 log tcp from any to any

and in /var/log/security shows the packet being forwarded.

This is what squid -v shows

    Squid Cache: Version 2.6.STABLE16
    configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin'
    '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid'
    '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid'
    '--enable-removal-policies=lru heap' '--disable-linux-netfilter'
    '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest'
    '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB YP'
    '--enable-digest-auth-helpers=password'
    '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group'
    '--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth'
    '--enable-storeio=ufs diskd null' '--enable-pf-transparent' '--enable-ipf-transparent'
    '--enable-err-languages=Armenian Azerbaijani Bulgarian Catalan Czech Danish Dutch English Estonian Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish'
    '--enable-default-err-language=English' '--prefix=/usr/local'
    '--mandir=/usr/local/man' '--infodir=/usr/local/info/' 'i386-portbld-freebsd6.2'
    'build_alias=i386-portbld-freebsd6.2' 'host_alias=i386-portbld-freebsd6.2'
    'target_alias=i386-portbld-freebsd6.2' 'CC=cc'
    'CFLAGS=-O2 -fno-strict-aliasing -pipe ' 'LDFLAGS=' 'CPPFLAGS='

in /etc/sysctl.conf

    net.inet.ip.forwarding=1

In kernel config,

    options IPFIREWALL
    options IPFIREWALL_FORWARD

Any idea what's wrong with my config? Have I missed out anything?

Thanks,
Denny

From: "A.Rymkus"
Date: Mon, 24 Sep 2007 10:44:22 +0400
To: danow@magix.com.sg
Cc: freebsd-isp@freebsd.org
Subject: Re: freebsd 6.2 with ipfw forward not working

Hi, danow.

You wrote at 24.09.2007, 8:50:35:

dmcs> Hi,
dmcs> I have a rule in ipfw to divert all destination address with
dmcs> tcp port 80 to a local squid server. However this is working for
dmcs> me. When I did a tcpdump on lo0, no packets are seen.
dmcs> ipfw rules
dmcs> add fwd 127.0.0.1,3128 log tcp from any to any
dmcs> and in /var/log/security shows the packet being forwarded.
dmcs> This is what squid -v shows
dmcs> Squid Cache: Version 2.6.STABLE16
dmcs> configure options: '--bindir=/usr/local/sbin'
dmcs> '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid'
dmcs> '--libexecdir=/usr/local/libexec/squid'
dmcs> '--localstatedir=/usr/local/squid'
dmcs> '--sysconfdir=/usr/local/etc/squid'
dmcs> '--enable-removal-policies=lru heap' '--disable-linux-netfilter'
dmcs> '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic
dmcs> ntlm digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB
dmcs> YP' '--enable-digest-auth-helpers=password'
dmcs> '--enable-external-acl-helpers=ip_user session unix_group
dmcs> wbinfo_group' '--enable-ntlm-auth-helpers=SMB'
dmcs> '--enable-negotiate-auth-helpers=squid_kerb_auth'
dmcs> '--enable-storeio=ufs diskd null' '--enable-pf-transparent'
dmcs> '--enable-ipf-transparent' '--enable-err-languages=Armenian
dmcs> Azerbaijani Bulgarian Catalan Czech Danish Dutch English
dmcs> Estonian Finnish French German Greek Hebrew Hungarian Italian
dmcs> Japanese Korean Lithuanian Polish Portuguese Romanian
dmcs> Russian-1251 Russian-koi8-r Serbian Simplify_Chinese Slovak
dmcs> Spanish Swedish Traditional_Chinese Turkish'
dmcs> '--enable-default-err-language=English' '--prefix=/usr/local'
dmcs> '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
dmcs> 'i386-portbld-freebsd6.2' 'build_alias=i386-portbld-freebsd6.2'
dmcs> 'host_alias=i386-portbld-freebsd6.2'
dmcs> 'target_alias=i386-portbld-freebsd6.2' 'CC=cc' 'CFLAGS=-O2
dmcs> -fno-strict-aliasing -pipe ' 'LDFLAGS=' 'CPPFLAGS='
dmcs> in /etc/sysctl.conf
dmcs> net.inet.ip.forwarding=1
dmcs> In kernel config,
dmcs> options IPFIREWALL
dmcs> options IPFIREWALL_FORWARD
dmcs> Any idea what's wrong with my config? Have I missed out anything?
dmcs> Thanks,
dmcs> Denny

Works for me. The only difference is that I use the rules as follows:

    ipfw fwd 127.0.0.1,3128 log tcp from {internal_net} to any 80
    ipfw fwd 127.0.0.1,3128 log tcp from {internal_net} to any 3128
    ipfw fwd 127.0.0.1,3128 log tcp from {internal_net} to any 8080

--
WBR, A.Rymkus

From: "A.Rymkus"
Date: Mon, 24 Sep 2007 10:45:45 +0400
To: danow@magix.com.sg
Cc: freebsd-isp@freebsd.org
Subject: Re: freebsd 6.2 with ipfw forward not working

Hi, danow.

I've remembered that squid didn't reply properly to those packets without a rebuild with the option to use transparent mode!

--
WBR, A.Rymkus
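
The two rule forms posted in this thread differ in what they match: one is `from any to any` with no port, the other is limited to a source network and a destination port. The following is an added example, not code from either poster, that reports that scope for each `fwd` rule. The function name `lint_fwd_rules` is hypothetical and `192.168.0.0/24` is a constructed stand-in for `{internal_net}`; it assumes numeric ports and a plain `from SRC to DST [PORT]` rule body.

```shell
#!/bin/sh
# Added example (not from the thread): report the match scope of ipfw fwd rules.
# Reads one rule per line on stdin and prints "<finding>: <rule>" for each.
# Findings: ok | any-source | no-dst-port | any-source,no-dst-port | skip
# Assumption: numeric destination ports; service names are not recognised.
lint_fwd_rules() {
    awk '
    {
        fwd = 0; from = 0; to = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "fwd" || $i == "forward") fwd = i
            else if ($i == "from" && !from) from = i
            else if ($i == "to" && from && !to) to = i
        }
        # Not a forwarding rule, or no from/to body to inspect.
        if (!fwd || !to) { print "skip: " $0; next }

        out = ""
        # Source "any": the rule is not limited to an internal network.
        if ($(from + 1) == "any") out = "any-source"
        # Token after the destination must be a port, list or range;
        # otherwise every TCP destination port matches the rule.
        if ($(to + 2) !~ /^[0-9]+([,-][0-9]+)*$/) {
            out = out (out ? "," : "") "no-dst-port"
        }
        res = (out ? out : "ok")
        print res ": " $0
    }'
}

# Constructed sample: the rule form from the question, a rule restricted
# like the one in the reply, and a non-fwd rule.
lint_fwd_rules <<'EOF'
add fwd 127.0.0.1,3128 log tcp from any to any
add fwd 127.0.0.1,3128 log tcp from 192.168.0.0/24 to any 80
add allow ip from any to any
EOF
```
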