Hello good people,

This is my first post to the list after scratching my head for hours. I am also new to this list, so please welcome me with a good solution :-)

Below are my NAT rules on a FreeBSD box which acts as "everything" (router, firewall, proxy, etc):

# bge0 = extif, bge1 = intif
# First we let this machine access itself
# Redirect local direct web traffic to local web server.
rdr bge1 192.168.1.1/32 port 80 -> 192.168.1.1 port 80 tcp
rdr bge1 192.168.1.1/32 port 443 -> 192.168.1.1 port 443 tcp
# Redirect everything else to squid on port 3128
# These redirection rules are to force users on the LAN
# to go through Squid cache on localhost
rdr bge1 0.0.0.0/0 port 80 -> 192.168.1.1 port 3128 tcp
# Also all SMTP Connections must go via localhost
rdr bge1 0.0.0.0/0 port 25 -> 192.168.1.1 port 25
# These rules do ftp proxy for gateway machine and LAN!!!
#This rule handles the FTP traffic from the gateway:
map bge0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
#This rule will handle all the traffic for the internal LAN:
map bge0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp
# Now map the rest..
map bge0 from 192.168.1.0/24 ! to 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map bge0 from 192.168.1.0/24 ! to 192.168.1.0/24 -> 0/32

Now, my problem is just one. I want to comment out those last two portmap rules so that this machine is NOT quite an open gateway. When I do that, browsing of http sites works okay, but https (gmail.com, yahoomail.com) sites fail, and the error on IE (dammit!) is like DNS has failed! How do I get https to work through these rules, with the last portmap rules disabled?

Regards,
--
-Odhiambo WASHINGTON
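With the two blanket "map the rest" rules commented out, a LAN host's connection to an external port 443 matches no rdr and no map, so it leaves bge0 with its private source address and never gets a reply, which IE shows as a generic page-cannot-be-displayed error. The ipnat.conf fragment below is an added example, not the poster's or the list's own configuration: it keeps the proxy redirections and replaces the two open-gateway map rules with a map that translates only LAN traffic destined for tcp/443. The interface names follow the post; the `any` destination, the 10000:20000 portmap range, and the assumption that the ipf filter ruleset already passes outbound tcp/443 from the LAN are mine.

```conf
# Added example ipnat.conf (not from the original post).
# bge0 = extif, bge1 = intif

# Local web server stays reachable by its own address from the LAN.
rdr bge1 192.168.1.1/32 port 80 -> 192.168.1.1 port 80 tcp
rdr bge1 192.168.1.1/32 port 443 -> 192.168.1.1 port 443 tcp

# LAN HTTP is still forced through Squid, LAN SMTP through the local MTA.
rdr bge1 0.0.0.0/0 port 80 -> 192.168.1.1 port 3128 tcp
rdr bge1 0.0.0.0/0 port 25 -> 192.168.1.1 port 25 tcp

# FTP for the gateway itself and for the LAN, via the built-in ftp proxy.
map bge0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
map bge0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp

# Replacement for the two "map the rest" rules: masquerade ONLY LAN
# connections whose destination port is 443. No other LAN traffic is
# translated, so the box does not act as a general open gateway.
# (Port range 10000:20000 is an assumed choice; any free high range works.)
map bge0 from 192.168.1.0/24 to any port = 443 -> 0/32 portmap tcp 10000:20000
```

After editing, reload the table with `ipnat -CF -f /etc/ipnat.conf` and check with `ipnat -l` that only the intended rdr/map entries are active; any outbound LAN port other than 80, 25, 21 and 443 should now fail rather than be masqueraded.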
