Date: Sat, 10 Jul 2004 11:09:56 -0700 From: Ezra Banoba <ebanoba@one2net.co.ug> To: Carlos =?ISO-8859-1?Q?Alarc=F3n?= <calarcon@iracsa.com.mx> Subject: Re: My ipfw rules doesn't work Message-ID: <1089482996.3505.41.camel@ebans.one2net.co.ug> In-Reply-To: <opsav368gemvvzdj@toshibalap> References: <opsavpednwmvvzdj@toshibalap> <opsavq67vymvvzdj@toshibalap> <opsav368gemvvzdj@toshibalap>
next in thread | previous in thread | raw e-mail | index | archive | help
Did you configure your squid with transparent-proxy support? I'm not sure about how the BSD protocol stack handles this but assuming the redirection is dealt with before the bridging, then there should be no problem. On Fri, 2004-07-09 at 14:48, Carlos Alarc=F3n wrote: > who have =20 > the proxy's configuration fails giving me this > message >=20 > You are not authorized to view this page > You might not have permission to view this directory or page using the =20 > credentials you supplied. Does this also happen with the client browser settings set to point to the proxy? > i add the ipfw output >=20 > 00012 1587 1148100 fwd 172.16.1.33,3128 tcp from any to any =20 > dst-port 80 > 00100 9257210 6707379406 pipe 1 ip from any to any in via xl0 > 00200 1558457 715268891 pipe 2 ip from any to any out via xl0 > 01300 2027 101248 deny ip from 10.0.0.0/8 to any in via xl0 > 01400 2315 96466 deny ip from 192.168.0.0/16 to any in via xl0 > 01500 14882804 10144500248 allow tcp from 172.16.1.33 to any setup =20 > keep-state > 01600 437760 84307478 allow udp from 172.16.1.33 to any keep-state > 01700 53564 13382458 allow ip from 172.16.1.33 to any > 01800 89927607 52765076360 allow tcp from any to any in via xl1 setup =20 > keep-state > 01900 18918311 2483412584 allow udp from any to any in via xl1 keep-stat= e > 02000 3629310 116342293 allow ip from any to any in via xl1 > 02500 830 41582 allow icmp from any to any icmptypes 8 =20 > keep-state > 02600 568996 61796292 allow icmp from any to any icmptypes 3 > 02700 15888 1527232 allow icmp from any to any icmptypes 11 > 02800 9118822 2306878168 allow ip from any to any > 65535 352 10550 deny ip from any to any >=20 > part of my kernel configuration file >=20 > options IPFIREWALL > options IPFIREWALL_FORWARD > options IPFIREWALL_VERBOSE_LIMIT > options DUMMYNET > options BRIDGE > options PFIL_HOOKS > options MSGMNB=3D8192 > options MSGMNI=3D40 > options MSGSEG=3D512 > options MSGSSZ=3D64 > options MSGTQL=3D2048 > options HZ=3D1000 > options IPDIVERT >=20 >=20 > > Which bad results are these? --=20 Ezra Banoba=20 Network Engineer one2net www.one2net.co.ug "Doing well is a result of Doing good. That's what capitalism is all about.= "
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1089482996.3505.41.camel>