[FUG-BR] Transparent Proxy + IPFW

Edson Mendes edsonmendes at prodatanet.com.br
Fri Oct 6 08:25:45 BRT 2006


Try using:

/sbin/ipfw add fwd 10.5.0.1,3128 tcp from 10.5.0.0/16 to any dst-port 80

In place of 127.0.0.1, put the IP of your internal gateway

----- Original Message ----- 
From: "Alexandre Andrade" <alexandresp at gmail.com>
To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)" 
<freebsd at fug.com.br>
Sent: Thursday, October 05, 2006 4:59 PM
Subject: Re: [FUG-BR] Transparent Proxy + IPFW


> Hey,
>
> It really isn't that easy after all. hehehe
>
> Well, I don't know whether the fact that I have only one network
> interface would get in the way. I do NAT for some IPs here on my own
> internal network.
>
> But adding the rule that way didn't work either. To give you an
> idea, nothing even gets LOGGED in SQUID.
>
> Thanks
>
> On 10/5/06, Alexandre Maciente <alexandre at cocatrel.com.br> wrote:
>> Whoa! It's not easy, huh, lol..
>>
>> Friend, try laying out your firewall rules like this:
>>
>> /sbin/ipfw -q -f flush
>> /sbin/ipfw add check-state
>> /sbin/ipfw add allow all from any to any via lo0
>> /sbin/ipfw add allow log icmp from any to any
>> /sbin/ipfw add allow ip from 10.5.0.0/16 to any keep-state
>> /sbin/ipfw add allow ip from any to 10.5.0.0/16 keep-state
>> /sbin/ipfw add fwd 127.0.0.1,3128 tcp from 10.5.0.0/16 to any dst-port 80
>> /sbin/ipfw add divert natd all from any to any via lnc0
>> /sbin/ipfw add 65000 deny all from any to any
>>
>> Everything really is correct with squid, right?
>>
>> Good luck!
>>
>> Alexandre Maciente
>>
>> ----- Original Message -----
>> From: "Alexandre Andrade" <alexandresp at gmail.com>
>> To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
>> <freebsd at fug.com.br>
>> Sent: Thursday, October 05, 2006 4:34 PM
>> Subject: Re: [FUG-BR] Transparent Proxy + IPFW
>>
>>
>> Hello,
>>
>> So, no chance man, I did what you said and it didn't work. This is how it is now.
>>
>> /sbin/ipfw -q -f flush
>> /sbin/ipfw add 65 fwd 127.0.0.1,3128 tcp from 10.5.0.0/16 to any dst-port 80
>> /sbin/ipfw add 80 divert natd all from any to any via lnc0
>> /sbin/ipfw add 90 check-state
>> /sbin/ipfw add 95 allow all from any to any via lo0
>> /sbin/ipfw add 100 allow log icmp from any to any
>> /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state
>> /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state
>> /sbin/ipfw add 65000 deny all from any to any
>>
>> Just for the record, here is natd.conf too.
>>
>> interface lnc0
>> dynamic yes
>> same_ports yes
>> use_sockets yes
>> unregistered_only no
>>
>>
>> Thanks
>>
>> On 10/5/06, Alexandre Maciente <alexandre at cocatrel.com.br> wrote:
>> > Cool,
>> >
>> > All right, then try adding the rule this way:
>> >
>> > ipfw add 65 fwd 127.0.0.1,3128 tcp from 192.168.0.0/24 to any dst-port 80
>> >
>> > Assuming your network's IP range is 192.168.0.0/24
>> >
>> > Anything else, we're here.
>> >
>> > Alexandre
>> >
>> >
>> > ----- Original Message -----
>> > From: "Alexandre Andrade" <alexandresp at gmail.com>
>> > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
>> > <freebsd at fug.com.br>
>> > Sent: Thursday, October 05, 2006 4:20 PM
>> > Subject: Re: [FUG-BR] Transparent Proxy + IPFW
>> >
>> >
>> > Hey there,
>> >
>> > The thing is, I already did that. It ended up like this:
>> >
>> > /sbin/ipfw -q -f flush
>> > /sbin/ipfw add 65 fwd 127.0.0.1,3128 tcp from any to any 80
>> > /sbin/ipfw add 80 divert natd all from any to any via lnc0
>> > /sbin/ipfw add 90 check-state
>> > /sbin/ipfw add 95 allow all from any to any via lo0
>> > /sbin/ipfw add 100 allow log icmp from any to any
>> > /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state
>> > /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state
>> > /sbin/ipfw add 65000 deny all from any to any
>> >
>> > Thanks
>> >
>> >
>> > On 10/5/06, Alexandre Maciente <alexandre at cocatrel.com.br> wrote:
>> > > Hello Alexandre (namesake),
>> > >
>> > > Try putting the forward rule (165) before the NAT rule (divert 80).
>> > >
>> > > Good luck!
>> > >
>> > > Alexandre Maciente
>> > >
>> > >
>> > > ----- Original Message -----
>> > > From: "Alexandre Andrade" <alexandresp at gmail.com>
>> > > To: "Lista Brasileira de Discussão sobre FreeBSD (FUG-BR)"
>> > > <Freebsd at fug.com.br>
>> > > Sent: Thursday, October 05, 2006 3:49 PM
>> > > Subject: [FUG-BR] Transparent Proxy + IPFW
>> > >
>> > >
>> > > Hello everyone,
>> > >
>> > > I guess I didn't wake up very inspired today and I'm racking my brain
>> > > trying to get a transparent proxy to work. heheh
>> > >
>> > > Here are my IPFW rules; what could be wrong?
>> > >
>> > > /sbin/ipfw -q -f flush
>> > > /sbin/ipfw add 80 divert natd all from any to any via lnc0
>> > > /sbin/ipfw add 90 check-state
>> > > /sbin/ipfw add 95 allow all from any to any via lo0
>> > > /sbin/ipfw add 100 allow log icmp from any to any
>> > > /sbin/ipfw add 164 allow tcp from any to any
>> > > /sbin/ipfw add 165 fwd 127.0.0.1,3128 tcp from any to any 80
>> > > /sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state
>> > > /sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state
>> > > /sbin/ipfw add 65000 deny all from any to any
>> > >
>> > > Just a reminder that SQUID is perfectly configured.
>> > >
>> > > Thanks.
>> > >
>> > > --
>> > > ============================
>> > > Alexandre Andrade
>> > > São Paulo - SP
>> > > Linux User: 337239
>> > > BSD User: BSD051253
>> > > alexandresp at gmail.com
>> > > ============================
>> > > -------------------------
>> > > Archive: http://www.fug.com.br/historico/html/freebsd/
>> > > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>> > >
>> >
>> >
>>
>>
>
>
>
> 
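
Added example (not part of any message in the thread): a simplified first-match model of ipfw rule evaluation, run over the rule list from the first post, to show which rule decides the first packet of a new port-80 connection. The client address 10.5.0.23, the destination 203.0.113.10 and the function names are assumptions; only rule order is modelled, not keep-state, NAT rewriting or Squid.

```python
import ipaddress

ORIGINAL = """
/sbin/ipfw add 80 divert natd all from any to any via lnc0
/sbin/ipfw add 90 check-state
/sbin/ipfw add 95 allow all from any to any via lo0
/sbin/ipfw add 100 allow log icmp from any to any
/sbin/ipfw add 164 allow tcp from any to any
/sbin/ipfw add 165 fwd 127.0.0.1,3128 tcp from any to any 80
/sbin/ipfw add 200 allow ip from 10.5.0.0/16 to any keep-state
/sbin/ipfw add 250 allow ip from any to 10.5.0.0/16 keep-state
/sbin/ipfw add 65000 deny all from any to any
"""  # rules as first posted in the thread

def parse(script):
    """Parse `ipfw add` lines; unnumbered rules are numbered in steps of 100."""
    rules, num = [], 0
    for tok in (l.split() for l in script.splitlines() if " add " in l):
        tok = tok[tok.index("add") + 1:]
        num = int(tok.pop(0)) if tok[0].isdigit() else num + 100
        rule = {"num": num, "action": tok[0], "port": None, "iface": None}
        if "from" in tok:                 # check-state carries no packet pattern
            f, t = tok.index("from"), tok.index("to")
            rest = [x for x in tok[t + 2:] if x != "dst-port"]
            rule.update(proto=tok[f - 1], src=tok[f + 1], dst=tok[t + 1])
            if rest and rest[0].isdigit():
                rule["port"] = int(rest[0])
            if "via" in rest:
                rule["iface"] = rest[rest.index("via") + 1]
        rules.append(rule)
    return sorted(rules, key=lambda r: r["num"])

def covers(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def first_match(rules, pkt):
    """Return (number, action) of the rule deciding a NEW connection's first packet."""
    for r in rules:
        if r["action"] == "check-state":
            continue                      # no dynamic state exists yet
        if (r["proto"] in ("all", "ip", pkt["proto"]) and covers(r["src"], pkt["src"])
                and covers(r["dst"], pkt["dst"]) and r["port"] in (None, pkt["dport"])
                and r["iface"] in (None, pkt["iface"])):
            if r["action"] == "divert":
                continue                  # natd reinjects the packet after this rule
            return r["num"], r["action"]
    return 65535, "default"

PKT = {"proto": "tcp", "src": "10.5.0.23", "dst": "203.0.113.10", "dport": 80, "iface": "lnc0"}  # constructed
print(first_match(parse(ORIGINAL), PKT))  # (164, 'allow'): fwd rule 165 is never reached
```

Run on the reordered list from the second post, the model returns rule 65 (`fwd`); on the unnumbered list from the later reply it stops at the `allow ip from 10.5.0.0/16` rule (auto-numbered 400) before reaching `fwd`.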



