Date:      Sun, 19 Mar 2000 18:22:03 -0500
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        Gavin Cameron <gavin@itworks.com.au>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPFW question
Message-ID:  <20000319182203.D78153@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <Pine.BSF.4.21.0003192056280.11948-100000@maybe.itworks.com.au>; from gavin@itworks.com.au on Sun, Mar 19, 2000 at 09:03:40PM +1100
References:  <Pine.BSF.4.21.0003192056280.11948-100000@maybe.itworks.com.au>

On Sun, Mar 19, 2000 at 09:03:40PM +1100, Gavin Cameron wrote:
> Hi all,
> 
> I have the following turned on in my kernel under 4.0-RELEASE
> 
> 	options         IPFIREWALL              #firewall
> 	options         IPFIREWALL_VERBOSE      #print information about
>         	                                # dropped packets
> 	options         IPFIREWALL_FORWARD      #enable transparent proxy support
> 	options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
> 	options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
> 	options         IPDIVERT                #divert sockets
> 	options         IPSTEALTH               #support for stealth forwarding
> 
> And if I do the following
> 
> 	ipfw add 100 divert 23 log tcp from mach1 to mach2 80
> 
> Then I think that if I telnet from mach1 to mach2 on port 80 then I expect
> to see a telnet session start up.
> 
> Am I right in the way that I read the divert line?

No. man 4 divert

You would not use ipfw(8) to redirect network traffic in this
manner. You would use something like natd(8).

> I get lines like
> 
> 	Mar 19 20:57:50 gavin1 /kernel: ipfw: 100 Divert 23 TCP
> 		mach1:1625 mach2:80 in via ed0
> 
> in my IPFW logfiles but I don't see a telnet session.
> 
> The test is a precursor to getting FreeBSD 4.0 working with squid 2.3 to
> act as a transparent proxy for packets directed to it by an Alteon
> CacheDirector. If someone already has a working config (both IPFW and
> squid) for this scenario and wouldn't mind parting with it I'd be very
> appreciative.

For this, you would not want divert(4) or natd(8). You want to use the
fwd action in ipfw(8). man 8 ipfw
-- 
Crist J. Clark                           cjclark@home.com

