Date: Fri, 12 Jul 2002 21:55:53 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: Carlos Carnero <zopewiz@yahoo.com> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: Excluding from IP Filter redirection Message-ID: <20020712212706.S624-100000@localhost> In-Reply-To: <20020712201727.3179.qmail@web21412.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Jul 2002, Carlos Carnero wrote: > Hi, > > I have already set up IP Filter and ipnat, together > with Squid I have created a "transparent" proxy. The > syntax of the ipnat rule is: > > rdr fxp0 0.0.0.0/0 port 80 -> 192.168.4.1 port > 3128 > > being fxp0 my internal interface, and 192.168.4.1 the > internal IP number of the gateway. So, right now > everybody is directed to Squid :) > > However, is there a way to exclude a couple of > internal IP numbers from being redirected? Just exclude them from the rdr rule. The easiest way is to place the excluded IPs in a different range than the redirected ones. Put a 'rdr' rule for the later, and the former ones won't be redirected. For example, if your internal net is 192.168.4.0/24, place a privilleged block in the lower 64 IPs and the rdr rule becomes: rdr fxp0 192.168.4.64/26 -> 192.168.4.1 port 3128 rdr fxp0 192.168.4.128/25 -> 192.168.4.1 port 3128 That is, the lower 64 addresses won't be redirected, and everything else will. Hope this helps. Fer > > Best regards, > Carlos. > > __________________________________________________ > Do You Yahoo!? > Sign up for SBC Yahoo! Dial - First Month Free > http://sbc.yahoo.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020712212706.S624-100000>