Date: Thu, 3 Feb 2000 11:45:53 +0000 (GMT)
From: Mark Powell <M.S.Powell@salford.ac.uk>
To: Edström Johan <johan.edstrom@hygiene.sca.se>
Cc: freebsd-net@freebsd.org
Subject: Re: Can 3.4-S cope with packets not addressed to it?
Message-ID: <Pine.BSF.4.05.10002031028190.26330-100000@plato.salford.ac.uk>
In-Reply-To: <38994D95.B78301A4@hygiene.sca.se>

On Thu, 3 Feb 2000, Edström Johan wrote:

> Check out transparent proxy at the squid site.

I think the stumbling block was that I'd never used any of this filtering
stuff before. I was thinking that BSD wouldn't accept a packet addressed to
it, but obviously if it can perform as a router, it must be able to, doh!

On a web cache connected to the router:

ipfw add 49 allow tcp from 10.0.1.1 to any
ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80

will achieve what I want. However, we have two caches and I'd like both
utilised. There seems no way to get the router to forward based on any
criteria apart from IP address. Thus I'd have to get the packets forwarded
to one machine A and then get it to conditionally forward to the caches, B
or C (all three on the same network.)

                  --------
Internet --------| NBII |-------- Campus
                  --------
                     |
         ------------------------
         |           |          |
         A           B          C

e.g.

A - 10.0.1.1 - Port 80 distributor
B - 10.0.1.2 - Web cache 1
C - 10.0.1.3 - Web cache 2

Thus on the NBII, incoming from our campus interface:

permit next hop 10.0.1.1 tcp dst=80

On machine A:

ipfw add 49 allow tcp from 10.0.0.1 to any
ipfw add 50 fwd 10.0.1.2 tcp from 0.0.0.0/1 to any 80
ipfw add 51 fwd 10.0.1.3 tcp from 1.0.0.0/1 to any 80

On machine B:

ipfw add 49 allow tcp from 10.0.1.2 to any
ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80

On machine C:

ipfw add 49 allow tcp from 10.0.1.3 to any
ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80

Does this seem right or have I missed something?

Would it be possible to just get A to forward directly to the correct port
on the caches?

On machine A:

ipfw add 50 fwd 10.0.1.2,3128 tcp from 0.0.0.0/1 to any 80
ipfw add 51 fwd 10.0.1.3,3128 tcp from 1.0.0.0/1 to any 80

Thanks for anyone that's stayed with this :)

Mark Powell - UNIX System Administrator - Clifford Whitworth Building
A.I.S., University of Salford, Salford, Manchester, UK.
Tel: +44 161 295 5936  Fax: +44 161 295 5888  www.pgp.com for PGP key
M.S.Powell@ais.salfrd.ac.uk (spell salford correctly to reply to me)
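
An added example, not part of the original message: a first-match evaluation of machine A's two fwd rules, showing how much of the IPv4 source address space each /1 prefix actually receives. It assumes ipfw masks a rule's address with its prefix length, as ordinary CIDR matching does; the ALTERNATIVE rule set and the sample client addresses are constructed here for comparison.

```python
import ipaddress

# Machine A's fwd rules as posted: (rule number, source prefix, next hop).
POSTED = [(50, "0.0.0.0/1", "10.0.1.2"), (51, "1.0.0.0/1", "10.0.1.3")]
# Constructed alternative for comparison (not from the message): the upper half.
ALTERNATIVE = [(50, "0.0.0.0/1", "10.0.1.2"), (51, "128.0.0.0/1", "10.0.1.3")]

def compile_rules(rules):
    """Mask each rule address with its prefix length (assumed ipfw behaviour)."""
    return [(n, ipaddress.ip_network(src, strict=False), hop) for n, src, hop in rules]

def first_match(rules, src_ip):
    """Return (rule number, next hop) for the first matching rule, else None."""
    addr = ipaddress.ip_address(src_ip)
    for n, net, hop in compile_rules(rules):
        if addr in net:
            return n, hop
    return None  # not forwarded to either cache

def coverage(rules):
    """Share of the IPv4 source space each rule receives under first-match."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    shares = {}
    for n, net, _hop in compile_rules(rules):
        taken, left = 0, []
        for block in remaining:
            if block.subnet_of(net):        # whole block goes to this rule
                taken += block.num_addresses
            elif net.subnet_of(block):      # rule carves a piece out of the block
                taken += net.num_addresses
                left.extend(block.address_exclude(net))
            else:                           # disjoint: block stays unclaimed
                left.append(block)
        remaining = left
        shares[n] = taken / 2**32
    shares["unmatched"] = sum(b.num_addresses for b in remaining) / 2**32
    return shares

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("alternative", ALTERNATIVE)):
        print(name, coverage(rules))
        for src in ("10.0.0.5", "192.0.2.10"):  # constructed sample clients
            print("  ", src, "->", first_match(rules, src))
```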