Hi Jinge,
Nice that you have it working with ipfw.
I have no hands-on experience with FreeBSD9 and those divert-to rules.
Reading their explanation led me to expect it should be able to work,
and resolve the issue of needing 2 firewalls pf&ipfw simultaneously.
As Joris also writes, you should probably not redirect all traffic that
flows from any-to-any, but only that which was originally already going
to the proper destination port, so any-to-any 2222.
So possibly something like this:
    pass in quick on vlan64 inet proto tcp from any to any port 2222 divert-to 127.0.0.1 port 2222
If this can actually work, I currently do not know.. My only FreeBSD 9
pf knowledge is from reading its manual..... So can't help with that.
If you do manage to get the divert-to working please do share it with us.
Greets PiBa-NL
On 12-7-2013 7:37, jinge wrote:
Hi PiBa-NL,
I just followed your advice and found my pf configuration is not correct:
    rdr on vlan64 proto tcp from any to any -> 127.0.0.1 port 2222
And I changed to ipfw and fwd, then it works correctly.
    ipfw add fwd 127.0.0.1,2222 tcp from any to any via vlan64 in
And you told me I can use pf's divert-to, but after a test I found it
doesn't work. Here is the configuration:
    pass in quick on vlan64 inet proto tcp from any to any divert-to 127.0.0.1 port 2222
So can you tell me the right configuration?
Thank you.
Regards
Jinge
On 2013-7-11, at 12:07 PM, jinge <altman87...@gmail.com> wrote:
Hi PiBa-NL,
Thanks for your reply!
And I will follow your advice!
Regards
Jinge
On 2013-7-10, at 4:25 AM, PiBa-NL <piba.nl....@gmail.com> wrote:
Hi Jinge,
I'm not exactly sure how this is supposed to work.. I did manage to get
transparent proxy for the server side working.. (the server is
presented with a connection from original client ip.) This works
with haproxy 1.5dev19 on FreeBSD8.3 with help of some ipfw fwd rules..
Your config also seems to be working (used some parts thereof to
test..)
Did require the following ipfw rule for me..:
    ipfw add 90 fwd localhost tcp from any to any 2222 in recv em1
Actually on pfSense it also needs "-x haproxy" as it is a bit
customized.. And because I run 'ipfw' combined with 'pf' I also
needed to configure pf with floating 'pass on match' rules to allow
the 'strange traffic'.. That pf cannot handle..
If you however have FreeBSD 9 you might want to look into the
divert-to rules that pf can make. Might make stuff simpler if it
turns out to work..
Please report back your required settings (&config if it changes)
when you manage to get it working.
Greetings PiBa-NL
On 9-7-2013 12:55, jinge wrote:
Hi, all!
We use haproxy and FreeBSD for our cache system. And we want to use
the transparent option
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20transparent
for some compatibility things.
But found it doesn't work. Here is the configuration which worked in Ubuntu.
frontend tcp-in
    bind :2222
    mode tcp
    log global
    option tcplog
    # distinguish HTTP and non-HTTP
    tcp-request inspect-delay 30s
    tcp-request content accept if HTTP
    default_backend Direct

backend Direct
    mode tcp
    log global
    option tcplog
    no option httpclose
    no option http-server-close
    no option accept-invalid-http-response
    option transparent
Can anyone tell me if FreeBSD cannot support transparent
here or my configuration is not correct? And how to make transparent
work right?
Thanks!
Regards
Jinge