
List:       ipfilter
Subject:    Re: redirection failure?
From:       gcohen () severedamage ! com
Date:       1999-05-17 13:52:53

I was wondering if anyone could suggest how I would do this with IPFilter:

I am running a Solaris x86 box with two NICs, dnet0 and dnet1.

I want traffic to/from the router entering the machine via dnet0, and
traffic coming to/from the LAN going into dnet1.

I would then set my gateway for my client machines to dnet1.

1.    What is the easiest way to set routing between dnet0 <-> dnet1? Is
this built into IPFilter, or is this a routed/gated/route issue
specifically?

2.    Whether or not I wanted to use NAT now or in the future with this
configuration, is having two NICs overkill? Could this be done just as
easily with just one NIC?

thanks
geremy


----- Original Message -----
From: Dispatcher <dispatch@blackhelicopters.org>
To: Darren Reed <darrenr@reed.wattle.id.au>
Cc: <ipfilter@coombs.anu.edu.au>
Sent: Monday, May 17, 1999 5:35 AM
Subject: Re: redirection failure?


> Darren,
>
> I've answered this twice before; apparently there's something wrong
> between my mail system and yours.  (But thanks for your persistence.)
> I'm therefore cc'ing the ipfilter mailing list.
>
> This is with 3.2.10.
>
> Thanks,
> ==ml
>
>
> > What version of IP Filter was this with ?
> >
> > In some email I received from Dispatcher, sie wrote:
> > > Hello,
> > >
> > > I'm attempting to set up transparent proxy with Squid.  It appears that
> > > my redirections to port 8080 on the Squid/ipfilter machine aren't
> > > working.  The machine is running FreeBSD 2.2.8-stable.
> > >
> > > Here's my ipnat.conf:
> > >
> > > agouti/etc;more ipnat.conf
> > > map ppp0 192.168.66.0/24 -> 209.69.69.27/32
> > > rdr de0 192.168.66.1/32 port 80 -> 127.0.0.1 port 80 tcp
> > > rdr de0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080 tcp
> > >
> > > The first mapping works just fine; I can get out on the net, etc.
> > >
> > > I've flushed and re-read the ipnat config (ipnat -C, ipnat -F, and
> > > ipnat -f /etc/ipnat.conf).
> > >
> > > Squid is running; I can adjust an internal web browser to use a proxy
> > > at 192.168.66.1,8080, and it works.
> > >
> > > I try to browse through Squid transparently, however, and I get:
> > >
> > > agouti/etc;ipnat -l
> > > List of active MAP/Redirect filters:
> > > map ppp0 192.168.66.0/24  -> 209.69.69.27/32
> > > rdr de0 192.168.66.1/32 port 80 -> 127.0.0.1 port 80 tcp
> > > rdr de0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080 tcp
> > >
> > > List of active sessions:
> > > MAP 192.168.66.100  1950  <- -> 209.69.69.27    1950  [128.11.25.242 80]
> > > MAP 192.168.66.100  1949  <- -> 209.69.69.27    1949  [216.32.74.63 80]
> > > MAP 192.168.66.100  1948  <- -> 209.69.69.27    1948  [204.71.200.75 80]
> > > MAP 192.168.66.100  1012  <- -> 209.69.69.27    1012  [209.69.178.18 22]
> > >
> > > It appears that it's just going out straight to Yahoo, rather than
> > > hitting Squid.
> > >
> > > Any thoughts on what I'm doing wrong?  Suggestions on where to look?
> > >
> > > Thanks,
> > > ==ml
> > >
> > >
> > >
> >
>
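
An added example, not part of the original thread or of IP Filter itself: a small Python check that reads the `ipnat -l` listing quoted above and reports sessions that were handled by the `map` rule even though an `rdr` rule covers their destination address and port. The function names are hypothetical, and the embedded text is the listing from the quoted message with the mail-wrapped lines rejoined.

```python
import ipaddress
import re

# `ipnat -l` output as quoted in the thread, mail-wrapped lines rejoined.
IPNAT_L = """\
List of active MAP/Redirect filters:
map ppp0 192.168.66.0/24  -> 209.69.69.27/32
rdr de0 192.168.66.1/32 port 80 -> 127.0.0.1 port 80 tcp
rdr de0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080 tcp

List of active sessions:
MAP 192.168.66.100  1950  <- -> 209.69.69.27    1950  [128.11.25.242 80]
MAP 192.168.66.100  1949  <- -> 209.69.69.27    1949  [216.32.74.63 80]
MAP 192.168.66.100  1948  <- -> 209.69.69.27    1948  [204.71.200.75 80]
MAP 192.168.66.100  1012  <- -> 209.69.69.27    1012  [209.69.178.18 22]
"""

RDR_RULE = re.compile(r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)\s+(\S+)")
SESSION = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+<- ->\s+(\S+)\s+(\d+)\s+\[(\S+)\s+(\d+)\]")

def parse(text):
    """Split the listing into rdr rules and active sessions."""
    rules, sessions = [], []
    for line in text.splitlines():
        if m := RDR_RULE.match(line):
            _ifname, dst, dport, target, tport, _proto = m.groups()
            rules.append((ipaddress.ip_network(dst), int(dport), f"{target}:{tport}"))
        elif m := SESSION.match(line):
            kind, src, _sport, _nat, _nport, dst, dport = m.groups()
            sessions.append((kind, src, ipaddress.ip_address(dst), int(dport)))
    return rules, sessions

def mapped_past_rdr(text):
    """Sessions NATed by a map rule although an rdr rule covers their destination.

    Session lines carry no interface or protocol, so those fields of the
    rdr rule are not compared here.
    """
    rules, sessions = parse(text)
    hits = []
    for kind, src, dst, dport in sessions:
        if kind != "MAP":
            continue
        # Rules are checked in listed order; the first one covering dst:dport is reported.
        target = next((t for net, port, t in rules if port == dport and dst in net), None)
        if target:
            hits.append((src, str(dst), dport, target))
    return hits

if __name__ == "__main__":
    for src, dst, dport, target in mapped_past_rdr(IPNAT_L):
        print(f"{src} -> {dst}:{dport} was mapped out; an rdr rule points it at {target}")
```
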
