Date: Thu, 3 Feb 2000 11:45:53 +0000 (GMT) From: Mark Powell <M.S.Powell@salford.ac.uk> To: =?iso-8859-1?Q?Edstr=F6m?= Johan <johan.edstrom@hygiene.sca.se> Cc: freebsd-net@freebsd.org Subject: Re: Can 3.4-S cope with packets not addressed to it? Message-ID: <Pine.BSF.4.05.10002031028190.26330-100000@plato.salford.ac.uk> In-Reply-To: <38994D95.B78301A4@hygiene.sca.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Feb 2000, Edstr=F6m Johan wrote:
> Check out transparent proxy at the squid site.
I think the stumbling block was that I'd never used any of this filtering
stuff before. I was thinking that BSD wouldn't accept a packet addressed
to it, but obviously if it can perform as a router, it must be able to,
doh!
On a web cache connected to the router:
ipfw add 49 allow tcp from 10.0.1.1 to any
ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80
will achieve what I want. However, we have two caches and I'd like both
utilised. There seems no way to get the router to forward based on any
criteria apart from IP address. Thus I'd have to get the packets forwarded
to one machine A and then get it to conditionally forward to the caches, B
or C (all three on the same network.)
=09=09=09--------
Internet --------| NBII |-------- Campus
=09=09=09--------
=09=09=09 |
=09=09------------------------
=09=09|=09 |=09 |
=09=09A=09 B=09 C
e.g.
A - 10.0.1.1 - Port 80 distributor
B - 10.0.1.2 - Web cache 1
C - 10.0.1.3 - Web cache 2
Thus on the NBII, incoming from our campus interface:
permit next hop 10.0.1.1 tcp dst=3D80
On machine A:
ipfw add 49 allow tcp from 10.0.0.1 to any
ipfw add 50 fwd 10.0.1.2 tcp from 0.0.0.0/1 to any 80
ipfw add 51 fwd 10.0.1.3 tcp from 1.0.0.0/1 to any 80
On machine B:
ipfw add 49 allow tcp from 10.0.1.2 to any
ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80
On machine C:
ipfw add 49 allow tcp from 10.0.1.3 to any
ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80
Does this seem right or have I missed something? Would it be possible to
just get A to forward directly to the correct port on the caches?
On machine A:
ipfw add 50 fwd 10.0.1.2,3128 tcp from 0.0.0.0/1 to any 80
ipfw add 51 fwd 10.0.1.3,3128 tcp from 1.0.0.0/1 to any 80
Thanks for anyone that's stayed with this :)
Mark Powell - UNIX System Administrator - Clifford Whitworth Building
A.I.S., University of Salford, Salford, Manchester, UK.
Tel: +44 161 295 5936 Fax: +44 161 295 5888 www.pgp.com for PGP key
M.S.Powell@ais.salfrd.ac.uk (spell salford correctly to reply to me)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10002031028190.26330-100000>