From owner-freebsd-ipfw Wed Jul 28 10:43:53 1999
Delivered-To: freebsd-ipfw@freebsd.org
Received: from t47.tempest.sk (t47.tempest.sk [195.28.100.47])
        by hub.freebsd.org (Postfix) with ESMTP id A350414CC6
        for ; Wed, 28 Jul 1999 10:43:12 -0700 (PDT)
        (envelope-from ludo_koren@tempest.sk)
Received: (from koren@localhost)
        by t47.tempest.sk (8.9.3/8.9.3) id TAA94386;
        Wed, 28 Jul 1999 19:43:09 +0200 (CEST)
        (envelope-from koren)
Date: Wed, 28 Jul 1999 19:43:09 +0200 (CEST)
Message-Id: <199907281743.TAA94386@t47.tempest.sk>
From: Ludo Koren
To: freebsd-ipfw@freebsd.org
Subject: ipfw forwarding
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi.

I am running 3.2-STABLE with these relevant kernel options:

    options BRIDGE
    options IPFIREWALL                      #firewall
    options IPFIREWALL_VERBOSE              #print information about
                                            # dropped packets
    options IPFIREWALL_FORWARD              #enable transparent proxy support
    #options "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
    options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
    #options IPDIVERT                       #divert sockets
    options DUMMYNET

The relevant kernel variables:

    net.link.ether.bridge: 1
    net.link.ether.bridge_ipfw: 1

ipfw is configured as follows:

    00400 allow log tcp from 195.28.100.104 to any via xl0
    00500 fwd 127.0.0.1,80 log tcp from any to any 80
    60000 allow log tcp from any to any
    65535 allow ip from any to any

Squid cache is listening on port 80. I am trying to do transparent
caching. If I configure the browser as directly connected to the Internet,
everything works OK, but the cache doesn't store any pages. If I manually
configure the proxy in the browser, the cache works.

Do I understand the ipfw man page right or am I missing something? Should
the cache work transparently in the above-mentioned configuration? What's
the purpose of the ipfw forwarding?

Any help is greatly appreciated.

Thanks.

ludo

PS: the ipfw kernel log follows:

    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1058 in via xl0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1058 in via xl0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
    Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
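
An added example, not part of the original post: a Python script that groups ipfw log lines like the ones above by flow and counts, for each connection matched by the fwd rule, the reverse-direction packets logged "in via" a different interface. Such packets came off the wire rather than from a process on the firewall host, whose own packets are logged "out". The function names and the 192.0.2.x flow are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: six lines copied from the log in the post, plus one
# made-up flow (192.0.2.x, documentation addresses) that gets no reply.
SAMPLE_LOG = """\
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1057 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1057 in via xl0
Jul 28 19:40:26 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 195.28.100.106:1058 195.28.100.6:80 in via ep0
Jul 28 19:40:26 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1058 in via xl0
Jul 28 19:40:27 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:80 TCP 192.0.2.10:1200 192.0.2.80:80 in via ep0
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Forward to \S+|\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<ifc>\S+)")

def parse(log):
    """Return one dict per recognised ipfw log line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.search, log.splitlines()) if m]

def forwarded_flows(log):
    """Per (client, server) flow that hit a fwd rule: fwd matches and wire replies."""
    entries = parse(log)
    flows = defaultdict(lambda: {"fwd": 0, "fwd_if": set(), "wire_replies": 0, "reply_if": set()})
    for e in entries:
        if e["action"].startswith("Forward"):
            flows[(e["src"], e["dst"])]["fwd"] += 1
            flows[(e["src"], e["dst"])]["fwd_if"].add(e["ifc"])
    for e in entries:
        f = flows.get((e["dst"], e["src"]))   # reverse direction of a forwarded flow
        # "in via" an interface other than the client-side one: came off the wire
        if f and e["dir"] == "in" and e["ifc"] not in f["fwd_if"]:
            f["wire_replies"] += 1
            f["reply_if"].add(e["ifc"])
    return dict(flows)

def report(log):
    out = []
    for (client, server), f in sorted(forwarded_flows(log).items()):
        verdict = "origin answered over the wire" if f["wire_replies"] else "no wire replies logged"
        out.append(f"{client} -> {server}: {f['fwd']} fwd on {sorted(f['fwd_if'])}, "
                   f"{f['wire_replies']} wire replies on {sorted(f['reply_if'])} ({verdict})")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
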