Date:      Wed, 28 Jul 1999 19:43:09 +0200 (CEST)
From:      Ludo Koren <ludo_koren@tempest.sk>
To:        freebsd-ipfw@freebsd.org
Subject:   ipfw forwarding
Message-ID:  <199907281743.TAA94386@t47.tempest.sk>


Hi.

I am running 3.2-STABLE with these relevant kernel options:

options BRIDGE
options IPFIREWALL              #firewall
options IPFIREWALL_VERBOSE      #print information about
                                # dropped packets
options IPFIREWALL_FORWARD      #enable transparent proxy support
#options "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
#options IPDIVERT               #divert sockets
options DUMMYNET

The relevant kernel variables:

net.link.ether.bridge: 1
net.link.ether.bridge_ipfw: 1

ipfw is configured as follows:

00400 allow log tcp from 195.28.100.104 to any via xl0
00500 fwd 127.0.0.1,80 log tcp from any to any 80
60000 allow log tcp from any to any
65535 allow ip from any to any

The Squid cache is listening on port 80.

I am trying to do transparent caching. If I configure the browser as
directly connected to the Internet, everything works OK but the cache
doesn't store any pages. If I manually configure the proxy in the browser,
the cache works. Do I understand the ipfw man page right or am I
missing something? Should the cache work transparently in the above
mentioned configuration? What's the purpose of the ipfw forwarding?

Any help is greatly appreciated.
Thanks.

ludo


PS: the ipfw kernel log follows:

Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1058 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1058 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
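
An added example, not part of the original message: a Python check that reads log lines in the format quoted in the PS and counts, for each flow hit by the fwd rule, the packets logged inbound from that flow's original destination back to the client. A non-zero count means the origin server is still answering that connection; the sample input is constructed from the quoted log, and its last line (port 1059, 195.28.100.7) is invented for contrast.

```python
import re

# Constructed sample in the format of the kernel log quoted above (lines
# unwrapped). The last line is invented: a forwarded flow with no origin reply.
SAMPLE_LOG = """\
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1058 in via xl0
Jul 28 19:40:27 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1059 195.28.100.7:80 in via ep0
"""

# rule number, action (with optional forward target), proto, src, dst, direction, interface
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Forward to (?P<fwd>\S+)|\w+) "
    r"(?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)


def parse(log):
    """Yield one dict per line that matches the ipfw verbose log format."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()


def origin_replies_to_forwarded(log):
    """Map each (client, original destination) flow hit by a fwd rule to the
    number of inbound packets logged from that destination back to the client."""
    events = list(parse(log))
    replies = {(e["src"], e["dst"]): 0 for e in events if e["fwd"]}
    for e in events:
        flow = (e["dst"], e["src"])  # the flow this packet would be a reply to
        if not e["fwd"] and e["dir"] == "in" and flow in replies:
            replies[flow] += 1
    return replies


if __name__ == "__main__":
    for (client, origin), n in sorted(origin_replies_to_forwarded(SAMPLE_LOG).items()):
        status = "origin server is replying" if n else "no origin replies logged"
        print(f"{client} -> {origin}: {n} inbound reply packet(s), {status}")
```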

