From: "Jon Noack"
To: "Jaime"
Subject: RE: Bridge and proxy?
Date: Wed, 26 Jun 2002 15:45:29 -0500

Better list for this is freebsd-ipfw@freebsd.org -- this message sent there as well...

What does 'ipfw show' output? Is it not matching all your rules? With a bridge it won't match multiple rules...

Jon

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Jaime
Sent: Wednesday, June 26, 2002 12:41 PM
To: freebsd-questions@freebsd.org
Subject: Bridge and proxy?

I'm trying to set up a FreeBSD 4.6 system for bridging and as a transparent HTTP proxy. I have the squid (tcp port 3128) and dansguardian (tcp port 8080) ports installed and running well. I have bridging in the kernel and it is running well.

The topology is:

(ISP) -- (Router) -- (FBSD 4.6) -- (LAN's core switch)

I have it working well enough that HTTP requests to port 80 are passing through the FreeBSD box and working correctly. However, they are not going into DansGuardian (which passes the request to Squid).

I'm using the following IPFW rules:

cerberus# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
01000 allow tcp from me to any
01100 allow tcp from any to me 80
01200 fwd 127.0.0.1,8080 tcp from any to any 80
01210 fwd 127.0.0.1,8080 tcp from any to any 8080
01220 fwd 127.0.0.1,8080 tcp from any to any 81
01230 fwd 127.0.0.1,8080 tcp from any to any 8000
65000 allow ip from any to any
65535 allow ip from any to any

Any advice?

Thanks in advance,
Jaime

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message