Date:      Wed, 08 Sep 2010 16:13:14 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Tony <rigstars@gmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: All in one machine running w/ Dansguardian+Squid+IPFW
Message-ID:  <4C88188A.8010903@elischer.org>
In-Reply-To: <AANLkTi=9r4OK0brNKFzGC42joqa1U%2B_PTaXQU8y%2BE-%2Bx@mail.gmail.com>
References:  <AANLkTi=9r4OK0brNKFzGC42joqa1U%2B_PTaXQU8y%2BE-%2Bx@mail.gmail.com>

On 9/8/10 2:46 PM, Tony wrote:
> I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
> (127.0.0.1) and IPFW installed. From the same computer, I'm trying to
> redirect port 80 to Dansguardian's port 8888 using the rulesets below.
> Is this possible? I read that ipfw does not allow forwarding from the same
> machine. Is this true? I have tried both of these rulesets separately and am
> not getting any hits when I do ipfw show. Something wrong with my rules?

There was a small window around 6.x (I think) where you needed a
special option to fwd to oneself in ipfw. It was removed quickly as it
made forwarding useless in general.

>
> Ruleset #1
>
> ipfw add fwd 127.0.0.1:8888 tcp from 192.168.0.154 to any 80 in recv en1

Looks vaguely right but I haven't done it in a while.


> ipfw add allow tcp from me to any 80 out xmit en1
> ipfw add allow tcp from any 80 to me in recv en1
>
>
> Ruleset#2
>
> ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1

Make up your mind... is that machine out via en1 or somewhere else?

> ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any dst-port 80
> ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1 established

Can you draw a diagram?

Are these two rulesets supposed to coexist on the same
machine?