Site Navigation

Date:      Mon, 24 Sep 2007 10:44:22 +0400
From:      "A.Rymkus" <rymkus@inbox.ru>
To:        danow@magix.com.sg
Cc:        freebsd-isp@freebsd.org
Subject:   Re: freebsd 6.2 with ipfw forward not working
Message-ID:  <1732993630.20070924104422@inbox.ru>
In-Reply-To: <20070924045035.GB30086@singtel.com>
References:  <20070924044357.GA30086@singtel.com> <20070924045035.GB30086@singtel.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

Hi, danow.

You wrote at 24.09.2007, 8:50:35:

dmcs> Hi,

dmcs> I have a rule in ipfw to divert all destination address with
dmcs> tcp port 80 to a local squid server. However this is working for
dmcs> me. When i did a tcpdump on lo0, no packets are seen.

dmcs> ipfw rules
dmcs> add fwd 127.0.0.1,3128 log tcp from  any to any 

dmcs> and in /var/log/security shows the packet being forwarded.

dmcs> This is what squid -v shows
dmcs> Squid Cache: Version 2.6.STABLE16
dmcs> configure options:  '--bindir=/usr/local/sbin'
dmcs> '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid'
dmcs> '--libexecdir=/usr/local/libexec/squid'
dmcs> '--localstatedir=/usr/local/squid'
dmcs> '--sysconfdir=/usr/local/etc/squid'
dmcs> '--enable-removal-policies=lru heap' '--disable-linux-netfilter'
dmcs> '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic
dmcs> ntlm digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB
dmcs> YP' '--enable-digest-auth-helpers=password'
dmcs> '--enable-external-acl-helpers=ip_user session unix_group
dmcs> wbinfo_group' '--enable-ntlm-auth-helpers=SMB'
dmcs> '--enable-negotiate-auth-helpers=squid_kerb_auth'
dmcs> '--enable-storeio=ufs diskd null' '--enable-pf-transparent'
dmcs> '--enable-ipf-transparent' '--enable-err-languages=Armenian
dmcs> Azerbaijani Bulgarian Catalan Czech Danish  Dutch English
dmcs> Estonian Finnish French German Greek  Hebrew Hungarian Italian
dmcs> Japanese Korean Lithuanian  Polish Portuguese Romanian
dmcs> Russian-1251 Russian-koi8-r  Serbian Simplify_Chinese Slovak
dmcs> Spanish Swedish  Traditional_Chinese Turkish'
dmcs> '--enable-default-err-language=English' '--prefix=/usr/local'
dmcs> '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
dmcs> 'i386-portbld-freebsd6.2' 'build_alias=i386-portbld-freebsd6.2'
dmcs> 'host_alias=i386-portbld-freebsd6.2'
dmcs> 'target_alias=i386-portbld-freebsd6.2' 'CC=cc' 'CFLAGS=-O2
dmcs> -fno-strict-aliasing -pipe ' 'LDFLAGS=' 'CPPFLAGS='

dmcs> in /etc/sysctl.conf
dmcs> net.inet.ip.forwarding=1

dmcs> In kernel config,
dmcs> options IPFIREWALL
dmcs> options IPFIREWALL_FORWARD


dmcs> Any idea what's wrong with my config? Have i missed out anything?

dmcs> Thanks,
dmcs> Denny
dmcs> _______________________________________________
dmcs> freebsd-isp@freebsd.org mailing list
dmcs> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
dmcs> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

works for me. only difference is that I use that rules as follows:

ipfw fwd 127.0.0.1,3128 log tcp from {internal_net} to any 80
ipfw fwd 127.0.0.1,3128 log tcp from {internal_net} to any 3128
ipfw fwd 127.0.0.1,3128 log tcp from {internal_net} to any 8080


-- 
WBR, A.Rymkus

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1732993630.20070924104422>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact