Date:      Thu, 15 Apr 2010 09:53:11 -0500
From:      Kevin Kinsey <kdk@daleco.biz>
To:        Mexican Loser <ross.is.a.cheater@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: dansguardian + squid running on local machine
Message-ID:  <4BC72857.3050502@daleco.biz>
In-Reply-To: <v2gf41e9b511004150603zaf99431czec26c4ac0a765a4a@mail.gmail.com>
References:  <v2gf41e9b511004150603zaf99431czec26c4ac0a765a4a@mail.gmail.com>

Mexican Loser wrote:
> Hello fellow BSD users -
> 
> I have dansguardian listening on 127.0.0.0.1:8080 -> squid listening on
> 127.0.0.1:3128 on the same computer for content filtering and caching for
> the kids.
> 
> I also have ipfw ruleset. I'm able to browse the Internet fine but I just
> want to make sure http requests are going through my ipfw ruleset. How do I
> know if my websites requests are going through the ipfw rules and coming
> back through them?
> 
> The rule below allows everything through the loop back interface, is that
> what's allowing squid and dansguardian to work? If so, I would like to know
> what rules specifically I can add specifically for dansguardian and squid?
> 
> 
> allow all from any to any via lo0

For starters, read up in the Handbook on ipfw.  You're really
going to want to understand what you are doing.  It may help to define
your rules in English, then try and figure out the syntax for ipfw.

You should look carefully at your network setup.  I'm assuming you
have a BSD box dual-homed to your ISP, and doing NAT for your LAN?

Your loopback interface must always work, otherwise Bad Stuff(tm)
will happen.  That's the rule you have up there.

After that, write out your rules in English:

1.  I can connect to anything from the gateway/server.
2.  Nothing can come in from outside.
3.  No one else can connect to anything outside the gateway/server.
4.  Everyone inside can connect to the gateway/server.

Etc.

After that, it's just a matter of figuring out ipfw's syntax.

HTH,

Kevin Kinsey

P.S.  You'll get some recommendations for other firewalls, too.
Use whichever one makes sense to you :-)
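
Added example, not part of Kevin Kinsey's message: one way the four English rules above could be written in ipfw syntax, with the loopback rule from the question kept first. The interface names (em0, em1), the LAN prefix and the rule numbers are assumptions, and the script only prints the commands unless IPFW is pointed at the real binary.

```shell
#!/bin/sh
# Added example: the four English rules from the message as an ipfw ruleset.
# Interface names and the LAN prefix are constructed placeholders.
EXT_IF="${EXT_IF:-em0}"            # assumed interface facing the ISP
INT_IF="${INT_IF:-em1}"            # assumed interface facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"
# Dry run by default: commands are printed, not executed.
# On the FreeBSD gateway, run with IPFW="/sbin/ipfw -q" to load them.
IPFW="${IPFW:-echo ipfw -q}"

build_rules() {
    $IPFW -f flush
    # Loopback must always work (the rule quoted in the question);
    # dansguardian on :8080 talks to squid on :3128 over lo0.
    $IPFW add 100 allow all from any to any via lo0
    $IPFW add 200 deny all from any to 127.0.0.0/8
    $IPFW add 300 deny all from 127.0.0.0/8 to any
    # Replies to connections recorded by keep-state match here.
    $IPFW add 1000 check-state
    # 1. I can connect to anything from the gateway/server.
    $IPFW add 2000 allow all from me to any out keep-state
    # 2. Nothing can come in from outside.
    $IPFW add 3000 deny log all from any to any in recv "$EXT_IF"
    # 3. No one else can connect to anything outside the gateway/server.
    $IPFW add 4000 deny log all from "$LAN_NET" to not me in recv "$INT_IF"
    # 4. Everyone inside can connect to the gateway/server.
    $IPFW add 5000 allow all from "$LAN_NET" to me in recv "$INT_IF" keep-state
    # Anything not described above is dropped and logged.
    $IPFW add 65000 deny log all from any to any
}

build_rules
```

Once the rules are loaded, `ipfw show` lists each rule with its packet and byte counters, so browsing a site and watching the counters on rules 100 and 2000 shows whether the proxy traffic is passing through the ruleset.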


