freebsd 6.2 with ipfw forward not working

---

• From: Denny <denow@xxxxxxxxxxxx>
• Date: Mon, 24 Sep 2007 12:43:57 +0800

---

Hi,

I have a rule in ipfw to divert all destination address with tcp port 80 to a local squid server. However this is working for me. When i did a tcpdump on lo0, no packets are seen.

ipfw rules
add fwd 127.0.0.1,3128 log tcp from any to any

and in /var/log/security shows the packet being forwarded.

This is what squid -v shows
Squid Cache: Version 2.6.STABLE16
configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group' '--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-storeio=ufs diskd null' '--enable-pf-transparent' '--enable-ipf-transparent' '--enable-err-languages=Armenian Azerbaijani Bulgarian Catalan Czech Danish Dutch English Estonian Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' 'i386-portbld-freebsd6.2' 'build_alias=i386-portbld-freebsd6.2' 'host_alias=i386-portbld-freebsd6.2' 'target_alias=i386-portbld-freebsd6.2' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe ' 'LDFLAGS=' 'CPPFLAGS='

in /etc/sysctl.conf
net.inet.ip.forwarding=1

Any idea what's wrong with my config? Have i missed out anything?

Thanks,
Denny
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • freebsd 6.2 with ipfw forward not working
    • From: danow

• Prev by Date: Re: SMTP AUTH over SSL only?
• Next by Date: freebsd 6.2 with ipfw forward not working
• Previous by thread: SMTP AUTH over SSL only?
• Next by thread: freebsd 6.2 with ipfw forward not working
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: more transparent proxy and squid questions. ... > i never see any packets get to the squid box though.. ... > the ipfw shows matches.. ... then it's likely that it's somewhere else that the problem lie. ... (freebsd-questions) freebsd 6.2 with ipfw forward not working ... I have a rule in ipfw to divert all destination address with tcp port 80 to a local squid server. ... options IPFIREWALL ... (freebsd-isp) Re: freebsd 6.2 with ipfw forward not working ... dmcs> Hi, ... dmcs> tcp port 80 to a local squid server. ... dmcs> ipfw rules ... (freebsd-isp) Re: tranparent proxying, squid, nat, ipfw ... I have done a number of servers in this setup. ... the divert line as the first line in ipfw and the necessary NAT in rc.conf. ... > so far this was the simpliest squid configuration that i've seen... ... (freebsd-questions) Re: FreeBSD 6.x / GRE / WCCP / Squid ... I've not really got a tunnel. ... It's just setup as per the Squid docs to ... I can see the encapsulated packets via tcpdump on gre0, ... > wccp version 2 in order to run wccp with squid. ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > isp  > 2007-09