From: Ataro
Date: Tue, 28 Jun 2016 13:48:30 -0400
To: "freebsd-ipfw@freebsd.org"
Subject: force all the network traffic through a proxy server.

Hi there,

I've set up a FreeBSD machine inside a VirtualBox machine and used IPFW to redirect all the requests to the internet through a squid proxy server running on the same machine in port 3128 in intercept mode (also known as transparent proxy mode).

The problem is that I need a way to identify the packets that originate from the squid server and let them pass out to the Internet but all other packets must go through the squid server.

My IPFW rules look like the following:
ipfw -f flush
ipfw add 50 pass all from any to any via lo0
ipfw add 100 pass all from any to any proto udp
ipfw add 150 pass icmp from any to any
ipfw add 200 fwd 127.0.0.1,3128 tag 1111 tcp from me to any
ipfw add 250 pass all from 10.0.2.15 to any tagged 1111

Unfortunately, the packets that originate from the squid server are redirected back to itself and I don't find a way to allow them to pass out.

Does someone here have an idea?

Regards,

Ataro.

From: Thomas
Date: Wed, 29 Jun 2016 21:13:42 -0300
To: Ataro
Cc: "freebsd-ipfw@freebsd.org"
Subject: Re: force all the network traffic through a proxy server.

Tue, Jun 28, 2016 at 01:48:30PM -0400, Ataro via freebsd-ipfw:
> Hi there,
>
> I've set up a FreeBSD machine inside a VirtualBox machine and used IPFW to redirect all the requests to the internet through a squid proxy server running on the same machine in port 3128 in intercept mode (also known as transparent proxy mode).
>
> The problem is that I need a way to identify the packets that originate from the squid server and let them pass out to the Internet but all other packets must go through the squid server.
>
> My IPFW rules look like the following:
> ipfw -f flush
> ipfw add 50 pass all from any to any via lo0
> ipfw add 100 pass all from any to any proto udp
> ipfw add 150 pass icmp from any to any
> ipfw add 200 fwd 127.0.0.1,3128 tag 1111 tcp from me to any
> ipfw add 250 pass all from 10.0.2.15 to any tagged 1111
>
> Unfortunately, the packets that originate from the squid server are redirected back to itself and I don't find a way to allow them to pass out.
>
> Does someone here have an idea?
>
> Regards,
>
> Ataro.

Hello,

Run the squid server as a separate user, and use the uid match pattern.

Cheers,
Thomás
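
The suggestion in the reply above, written out as a ruleset plus an ordering check; this is an added example, not part of the original thread. The account name `squid`, rule number 190 and the helper names `build_rules`, `min_rule` and `loop_free` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): exempt the proxy's own connections by
# socket owner with ipfw's "uid" option, then redirect all other local TCP.
# Assumption: Squid runs as the dedicated account "squid".

build_rules() {  # $1 = proxy user, $2 = proxy address, $3 = proxy port
    user=${1:-squid} addr=${2:-127.0.0.1} port=${3:-3128}
    cat <<EOF
ipfw -f flush
ipfw add 50 pass all from any to any via lo0
ipfw add 100 pass all from any to any proto udp
ipfw add 150 pass icmp from any to any
ipfw add 190 pass tcp from me to any uid ${user}
ipfw add 200 fwd ${addr},${port} tcp from me to any
EOF
}
# Rules 50-150 are the thread's own. Rule 190 is new. Rule 200 is the thread's
# redirect without "tag 1111": a tag stays on the redirected packet and never
# reaches the new connection Squid opens, so "tagged 1111" in rule 250 cannot
# identify Squid's traffic.

min_rule() {  # $1 = awk regex; ruleset on stdin; prints lowest matching rule number
    awk -v re="$1" '$1 == "ipfw" && $2 == "add" && $0 ~ re &&
        (min == "" || $3 + 0 < min) { min = $3 + 0 }
        END { print min }'
}

# ipfw evaluates rules by ascending number and pass/fwd end the search, so the
# uid exemption must carry a lower number than the redirect.
loop_free() {  # $1 = ruleset text, $2 = proxy user; returns 0 when ordering is safe
    exempt=$(printf '%s\n' "$1" | min_rule "(pass|allow) .* uid ${2}( |\$)")
    fwd=$(printf '%s\n' "$1" | min_rule " fwd ")
    [ -z "$fwd" ] && return 0
    [ -n "$exempt" ] && [ "$exempt" -lt "$fwd" ]
}

# Print the commands for review; to load them, pipe the output to sh as root.
if [ "${1:-}" = "--print" ]; then
    build_rules "${2:-squid}"
fi
```

The `uid` option matches only TCP and UDP packets that belong to a local socket, which is sufficient here because Squid runs on the firewall host itself.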