Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 13 Jun 2002 10:31:34 +0300
From:      "Ivailo Tanusheff" <I.Tanusheff@procreditbank.com>
To:        <freebsd-ipfw@FreeBSD.ORG>
Subject:   IPFW and SQUID
Message-ID:  <012901c212ac$58442110$cbf810ac@sof.procreditbank.bg>
next in thread | raw e-mail | index | archive | help 
This is a multi-part message in MIME format.

------=_NextPart_000_012A_01C212C5.7D915910
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear Sirs,

I have the following configuration:

{Internet} <-> {SQUID1 + Net1} <-64K line-> [SQUID2] <-> {Net2}

I have the following problem:

In Net1 I have an important server to which there are connecting some
clients from Net2 trough http and the squid server. These clients have
to be able to use most of the 64K line between the two networks. In Net2
there are many clients useing the squid server as a proxy and are making
"bad" traffic. 

My question is - how may I configure ipfw to shape the traffic for the
other users. I'd tried some ways of accomplishing that task, but it
seems to me, that when using proxy server, the destination IP address is
not in the IP header or I'm wrong.
Can you help me?

Id tried:
su-2.05a# ipfw -a show
00500      0        0 pipe 1 ip from any to not <net1> out
00600      0        0 pipe 2 ip from any to not <net1> in
65535 397320 84804286 allow ip from any to any

As you see - there is no hit of going out of the net1.

Thank you in advantage,
Ivailo Tanusheff
System Administrator and Security Advisor
ProCredit Bank


------=_NextPart_000_012A_01C212C5.7D915910
Content-Type: text/x-vcard;
	name="Ivailo Tanusheff.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="Ivailo Tanusheff.vcf"

BEGIN:VCARD
VERSION:2.1
N:Tanusheff;Ivailo
FN:Ivailo Tanusheff
ORG:ProCredit Bank
TITLE:System administrator and Security advisor
TEL;WORK;VOICE:+359 2 9217161
EMAIL;PREF;INTERNET:I.Tanusheff@prokreditbank.com
REV:20020510T125145Z
END:VCARD

------=_NextPart_000_012A_01C212C5.7D915910--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?012901c212ac$58442110$cbf810ac>