From owner-freebsd-questions Sat Dec 23 19:38:33 2000 From owner-freebsd-questions@FreeBSD.ORG Sat Dec 23 19:38:30 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from kronos.hostuniverse.hu (unknown [195.184.160.117]) by hub.freebsd.org (Postfix) with ESMTP id 2114237B402 for ; Sat, 23 Dec 2000 19:38:29 -0800 (PST) Received: (from witch@localhost) by kronos.hostuniverse.hu (8.11.1/8.11.1) id eBO3bs318061; Sun, 24 Dec 2000 04:37:54 +0100 (CET) (envelope-from witch) Date: Sun, 24 Dec 2000 04:37:54 +0100 From: Ron Scott To: Kathy Quinlan Cc: freebsd-questions@FreeBSD.org Subject: Re: PROXY SERVERS Message-ID: <20001224043754.A18057@kronos.hostuniverse.hu> Reply-To: Ron Scott References: <002501c06d54$b1fb70e0$fe00a8c0@wskatinka> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002501c06d54$b1fb70e0$fe00a8c0@wskatinka>; from katinka@magestower.com on Sun, Dec 24, 2000 at 10:53:24AM +0800 X-Mailbox: SENT MESSAGES X-Operating-System: FreeBSD 4.2-STABLE Sender: witch@kronos.hostuniverse.hu Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Dec 24, 2000 at 10:53:24AM +0800, Kathy Quinlan wrote: > Hi all > > I need a proxy server to handle traffic from multiple machines to the net. > The reason we need one is for IRC DCC's and ICQ :o) You can use NAT, natd or ipnat. This isn't a proxy, but it should work with irc, httpd, ftp, etc., and it's transparent for the client. To use ipnat, put this in your kernel config and make a new kernel: ---------- options IPFILTER # -- ipmon(8) logging if you want options IPFILTER_LOG # -- default is pass anything, this reverses it, use with care #options IPFILTER_DEFAULT_BLOCK ---------- Edit /etc/natrules: ---------- map fxp0 10.1.1.0/24 -> 195.228.16.17/32 portmap tcp/udp 1024:65535 map fxp0 10.1.1.0/24 -> 195.228.16.17/32 ---------- `fxp0' is the interface name (see ifconfig output) on the internet `10.1.1.0/24' is the internal network/mask `195.228.16.17/32' is the IP address/mask from `fxp0' For ipfilter (ipf) you need a site specific configuration. You can start with this (/etc/ipf.conf) if you haven't one: ---------- block in log quick from any to any with ipopts block in log quick proto tcp from any to any with short pass in all pass out all ---------- Start ipfilter: ipf -E -f /etc/ipf.conf and after, start ipnat with: ipnat -f /etc/natrules List filters and active sessions: ipnat -ls See ipf(8), ipnat(1) for more info. Hope this helps and happy holydays for everyone, -Ron > > Any help appreciated, > > Kathy. > > Ps have looked at relay (no man page) and proxy (not much info) > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- UNIX was never designed to keep people from doing stupid things, because that policy would also keep them from doing clever things. (Doug Gwyn) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message