Date: Wed, 24 Jan 2001 23:30:48 -0800
From: "Crist J. Clark"
To: Anthony
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw forwarding to remote machines
Message-ID: <20010124233048.I10761@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu

On Tue, Jan 23, 2001 at 11:55:21PM -0500, Anthony wrote:
> Hi,
>
> Recently I set up a transparent proxy server with squid. That worked just
> fine, used a fwd rule to forward all traffic to localhost, etc. Now I have
> more of a problem though.
>
> I have a gateway at 30.30.30.1 and a proxy server at 20.20.20.1. Both have
> public interfaces and are not connected through any sort of private network.
> What I need to do is to forward all traffic on port 80 of the gateway
> 30.30.30.1 (thus allowing for transparent caching for people behind it) to
> the proxy server 20.20.20.1.
>
> I made the following rule (where 10.10.0.0/16 is the gateway's internal
> network)
> /sbin/ipfw add fwd 20.20.20.1 tcp from 10.10.0.0/16 to any 80
> and it doesn't work. Packets don't get directed to 20.20.20.1, they just go
> where they are supposed to. If I run squid locally and forward to
> localhost, it does fine (it's just that it's a P130 with 800M hdd, kinda
> stupid to run squid on it)
> The kernel is compiled with all necessary options. (since nat works, and
> forwarding to localhost works)
>
> Also the manual says that if you fwd to an IP that is further than one hop
> away, the routing table will be used to relay the packet. host 20.20.20.1 is
> fully accessible!

And local?

> Can someone tell me what I can do about this, or possibly suggest an
> alternative forwarding solution?

I am not exactly sure how you are planning to do this. It should not
be too hard to do... again, provided the hosts are local, which I am
not completely clear on yet.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
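
Added example, not part of the original message: a small Python model of the behaviour in the quoted manual sentence, where `fwd` only changes which address the gateway looks up in its routing table and leaves the packet's destination untouched. The ISP router 30.30.30.254, the client 10.10.3.7, the web server 198.51.100.10 and the on-link proxy address 30.30.30.2 are constructed assumptions; the other addresses come from the post.

```python
import ipaddress

def next_hop(routes, addr):
    """Longest-prefix match; returns the neighbour the frame is handed to."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(p), gw) for p, gw in routes]
    _, gw = max((n for n in nets if ip in n[0]), key=lambda n: n[0].prefixlen)
    return gw or addr  # no gateway means on-link: deliver to addr itself

# Constructed routing tables: (prefix, gateway or None when directly connected)
GATEWAY_ROUTES = [("10.10.0.0/16", None), ("30.30.30.0/24", None),
                  ("0.0.0.0/0", "30.30.30.254")]
ISP_ROUTES = [("30.30.30.0/24", None), ("20.20.20.0/24", None),
              ("198.51.100.0/24", None)]

def gateway_out(pkt, fwd_target):
    """Gateway with: ipfw add fwd <fwd_target> tcp from 10.10.0.0/16 to any 80"""
    inside = ipaddress.ip_network("10.10.0.0/16")
    matches = ipaddress.ip_address(pkt["src"]) in inside and pkt["dport"] == 80
    # fwd only overrides the address used for the route lookup; pkt is unchanged
    return next_hop(GATEWAY_ROUTES, fwd_target if matches else pkt["dst"])

def final_receiver(pkt, fwd_target):
    """Follow the packet until a host (not a router) receives it."""
    hop = gateway_out(pkt, fwd_target)
    if hop == "30.30.30.254":  # ISP router has no fwd rule: it routes on pkt["dst"]
        hop = next_hop(ISP_ROUTES, pkt["dst"])
    return hop

if __name__ == "__main__":
    pkt = {"src": "10.10.3.7", "dst": "198.51.100.10", "dport": 80}  # constructed
    print("fwd to remote proxy :", final_receiver(pkt, "20.20.20.1"))
    print("fwd to on-link proxy:", final_receiver(pkt, "30.30.30.2"))
```

In the on-link case the proxy still receives a packet addressed to the web server, so it needs its own rule to capture it, as in the localhost setup the post describes.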