Date:      Wed, 08 Sep 2010 20:21:11 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Tony <rigstars@gmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: All in one machine running w/ Dansguardian+Squid+IPFW
Message-ID:  <4C8852A7.5060508@elischer.org>
In-Reply-To: <AANLkTimybPMQvXLh3xq7Zx1gWzdnWuy0Bcv2tnGaMdkF@mail.gmail.com>
References:  <AANLkTi=9r4OK0brNKFzGC42joqa1U%2B_PTaXQU8y%2BE-%2Bx@mail.gmail.com>	<4C88188A.8010903@elischer.org> <AANLkTimybPMQvXLh3xq7Zx1gWzdnWuy0Bcv2tnGaMdkF@mail.gmail.com>

On 9/8/10 4:35 PM, Tony wrote:
> I only use one ruleset at a time ..just trying different ones to see
> if one or the other works. en1 is my private lan ..(wireless interface)
>
> either case, it doesn't work ..btw, I'm using snow leopard ..

Um, you forgot to mention that one little fact!

Being a FreeBSD mailing list, I assumed you were using FreeBSD!

I have no idea if the Apple folks implemented the changes in the IP
stack needed to do the forwarding to localhost.
I suspect not.. you may need to look at the Darwin sources to find
out.

> anyone
> here try using natd for redirection ..that may work I guess
>
> On Wed, Sep 8, 2010 at 7:13 PM, Julian Elischer <julian@elischer.org> wrote:
>
>     On 9/8/10 2:46 PM, Tony wrote:
>
>         I have one computer that has Dansguardian (127.0.0.1:8888) and Squid
>         (127.0.0.1) and IPFW installed. From the same computer, I'm
>         trying to
>         redirect port 80 to Dansguardian's port 8888 using the
>         rulesets below.
>         Is this possible? I read that ipfw does not allow forwarding
>         from the same
>         machine. Is this true? I have tried both of these rulesets
>         separately and am
>         not getting any hits when I do ipfw show. Something wrong with
>         my rules?
>
>
>     there was a small window around 6.x (I think) where you needed  a
>     special option to fwd to oneself in ipfw. It was removed quickly
>     as it made forwarding useless in general.
>
>
>
>         Ruleset #1
>
>         ipfw add fwd 127.0.0.1:8888 tcp from
>         192.168.0.154 to any 80 in recv en1
>
>
>     looks vaguely right but I haven't done it in a while.
>
>
>
>         ipfw add allow tcp from me to any 80 out xmit en1
>         ipfw add allow tcp from any 80 to me in recv en1
>
>
>         Ruleset#2
>
>         ipfw add allow tcp from 192.168.0.154 to any 80 out xmit en1
>
>
>     make up your mind.. is that machine out via en1 or somewhere else?
>
>
>         ipfw add fwd 127.0.0.1,8888 tcp from 192.168.0.154 to any
>         dst-port 80
>         ipfw add allow tcp from any 80 to 192.168.0.154 in recv en1
>         established
>
>
>     can you draw a diagram?
>
>     are these two rulesets supposed to coexist on the same
>     machine?
>
>
>



