Date:      Fri,  1 Aug 2003 11:39:56 -0700
From:      eculp@encontacto.net
To:        "CPD - Equipe de Segurança" <security@pucrs.br>
Cc:        "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject:   Re: IPFW, Nat and transparent proxy ( on different machines )
Message-ID:  <1059763196.09a0e94757abe@mail.encontacto.net>
In-Reply-To: <5.2.0.9.0.20030801151745.02d1cc18@pop3.pucrs.br>
References:  <5.2.0.9.0.20030801151745.02d1cc18@pop3.pucrs.br>

Quoting CPD - Equipe de Segurança <security@pucrs.br>:

|
| Dear gentlemen,
|
|
|    So far I've been running a FreeBSD 4.7 machine which runs NAT, IPFW and
| Squid, acting like a transparent proxy/cache, NAT box and packet
| filter/firewall.
|
|    Now, the load is getting too heavy, so I'd like to use a second machine
| (with a second WAN link ) as a separate proxy for the HTTP traffic.
|
|    Question is, how can I set up IPFW/NAT to send all the HTTP ( port 80
| only ) traffic that comes on the internal interface ( 192.160.0.1 ) to the
| new proxy-only machine's internal interface ( 192.168.0.2), and still have
| the rest of the traffic flowing normally through the other gateway, which
| will now run only NAT and IPFW as firewall.

I would try something like:

00400 fwd 192.168.0.2,3128 tcp from 192.168.0.0/24 to any 80

and see what the logs say.

Good luck,

ed

|
|    It's confusing somehow, I hope I managed to be clear enough.
|
| Thanks for any insight,
|
| - Alexandre
|
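
Added example, not part of the original thread: ipfw(8) documents that fwd to a non-local address ignores the port and leaves the packet's destination address unchanged, so a rule like the one suggested above needs a companion rule on the proxy machine to capture the traffic. The interface name fxp0, the reuse of rule number 400 on the second machine and the "in recv" qualifiers are assumptions; the addresses and port 3128 are taken from the thread.

```conf
# ===== File 1: gateway (keeps NAT and the firewall) =====
# Rule file in the format read by "ipfw <pathname>".
# fwd requires a kernel built with "options IPFIREWALL_FORWARD".
# fxp0 = internal interface (assumed name).
#
# 192.168.0.2 is not a local address on this box, so only the next hop
# changes. A ",3128" suffix would be ignored here and is left off.
add 00400 fwd 192.168.0.2 tcp from 192.168.0.0/24 to any 80 in recv fxp0

# ===== File 2: proxy machine (192.168.0.2, Squid on port 3128) =====
# The packets arriving from the gateway still carry the origin web
# server's address as their destination. This rule hands them to the
# local Squid. fxp0 is again an assumed interface name.
add 00400 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any 80 in recv fxp0
```

Running `ipfw show 400` on each machine prints the rule's packet and byte counters, which shows whether port 80 traffic from the LAN is matching at both hops.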

