Re: FBSD gateway/firewall with squid <-will it let request in??

2003-07-16 Thread Mike Maltese
Crack open the squid Makefile and uncomment
CONFIGURE_ARGS+= --enable-ipf-transparent

I'm currently running this setup, however, it's been a while. IIRC, you need
to manually move the ipf header files from your source tree
(/usr/src/sys/contrib/ipfilter/netinet) to /usr/include/netinet for it to
build successfully.

Also, take a look at the following link. It's almost a year old but you may
find it useful.

http://ezine.daemonnews.org/200209/squid.html

- Original Message - 
From: <[EMAIL PROTECTED]>
To: "Free bsd " <[EMAIL PROTECTED]>
Sent: Wednesday, July 16, 2003 5:13 AM
Subject: FBSD gateway/firewall with squid <-will it let request in??


> Hi all,
> shooting blind here because I'm troubleshooting this (although I am remote from
> the systems in question)
>
> 203.111.111.216/29 <-NAT-> 10.0.0.1 10.0.0.2
> Internet<-->FBSD (ipfilter/ipnat squid) <--> www/mail server
>
> All "live IPs" are aliases on the external interface of the FBSD box; they NAT
> to internals.
> I have never had a squid proxy on a gateway like this. Would squid by
> default (I have changed very little in squid.conf) interfere with
> externally incoming traffic being NATted to the inside server? Will it
> block?
> I know this is FBSD not SQUID but maybe it is an ipf hassle otherwise.
> Thanks if you can help
> Keith

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


FBSD gateway/firewall with squid <-will it let request in??

2003-07-16 Thread keith
Hi all,
shooting blind here because I'm troubleshooting this (although I am remote from
the systems in question)

203.111.111.216/29 <-NAT-> 10.0.0.1 10.0.0.2
Internet<-->FBSD (ipfilter/ipnat squid) <--> www/mail server

All "live IPs" are aliases on the external interface of the FBSD box; they NAT to
internals.
I have never had a squid proxy on a gateway like this. Would squid by
default (I have changed very little in squid.conf) interfere with
externally incoming traffic being NATted to the inside server? Will it
block?
I know this is FBSD not SQUID but maybe it is an ipf hassle otherwise.
Thanks if you can help
Keith

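A worked example for Keith's question and Mike's transparent-proxy answer (added here; this is not code from either message). It models only the part of IPFilter's ipnat that decides the question: `rdr` rules act on packets arriving *in* on the named interface, `map` rules on packets going *out* on it. A transparent squid `rdr` placed on the inside interface therefore never sees a connection arriving from the Internet, and the `rdr` for a live IP keeps sending that connection to the www box. Assumed details, not from the thread: de0 as the outside and rl0 as the inside interface (the names Roman Neuhauser uses in the other thread on this page), live IPs 203.111.111.217 and .218 aliased on de0, squid on its default port 3128, and a constructed ipnat.rules fragment in classic syntax.

```python
"""Minimal ipnat rdr/map matcher (added example, not code from the thread).

Only interface/direction/address/port matching is modelled:
  - `rdr` rules apply to packets arriving *in* on the named interface,
  - `map` rules apply to packets leaving *out* on it.
That asymmetry is why a squid redirect on the inside interface cannot
swallow inbound NAT to the www/mail server.  Assumed names: de0 outside,
rl0 inside, live IPs 203.111.111.217/.218 on de0, squid on 3128.
"""
import ipaddress
import re

# Constructed rule set in classic ipnat.rules syntax (comments are allowed).
IPNAT_RULES = """
rdr de0 203.111.111.217/32 port 80 -> 10.0.0.1 port 80 tcp   # live IP -> www
rdr de0 203.111.111.218/32 port 25 -> 10.0.0.2 port 25 tcp   # live IP -> mail
rdr rl0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp         # LAN web -> squid
map de0 10.0.0.0/24 -> 203.111.111.217/32 portmap tcp/udp 10000:60000
"""

RDR_RE = re.compile(
    r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)\s+(tcp|udp)$")
MAP_RE = re.compile(
    r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)(?:\s+portmap\s+\S+\s+\S+)?$")


def _net(text):
    """ipnat accepts a bare host as well as addr/len; treat a bare host as /32."""
    return ipaddress.ip_network(text if "/" in text else text + "/32", strict=False)


def parse_rules(text):
    """Parse the two rule shapes used above; anything else is rejected loudly."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RDR_RE.match(line)
        if m:
            iface, dst, dport, target, tport, proto = m.groups()
            rules.append({"kind": "rdr", "iface": iface, "dst": _net(dst),
                          "dport": int(dport), "target": target,
                          "tport": int(tport), "proto": proto, "text": line})
            continue
        m = MAP_RE.match(line)
        if m:
            iface, src, target = m.groups()
            rules.append({"kind": "map", "iface": iface, "src": _net(src),
                          "target": target.split("/")[0], "text": line})
            continue
        raise ValueError(f"unsupported ipnat syntax in this toy parser: {line!r}")
    return rules


def match(rules, iface, direction, src, dst, dport, proto="tcp"):
    """First rule rewriting a packet seen `direction` ("in"/"out") on iface, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["iface"] != iface:
            continue
        if r["kind"] == "rdr" and direction == "in":
            if r["proto"] == proto and r["dport"] == dport and d in r["dst"]:
                return r
        elif r["kind"] == "map" and direction == "out":
            if s in r["src"]:
                return r
    return None


def audit_squid_exposure(rules, outside_iface, squid_port=3128):
    """rdr rules on the outside interface that would hand Internet traffic to squid.

    Non-empty only if the transparent-proxy rdr was put on the wrong interface.
    """
    return [r["text"] for r in rules
            if r["kind"] == "rdr" and r["iface"] == outside_iface
            and r["tport"] == squid_port]


if __name__ == "__main__":
    rules = parse_rules(IPNAT_RULES)
    # Internet -> live IP :80 arrives in on de0: goes to the www box, squid never sees it
    print(match(rules, "de0", "in", "198.51.100.7", "203.111.111.217", 80)["text"])
    # LAN -> Internet :80 arrives in on rl0: that is the one squid intercepts
    print(match(rules, "rl0", "in", "10.0.0.50", "93.184.216.34", 80)["text"])
    # LAN -> Internet :443 is not redirected in on rl0, only map'd out on de0
    print(match(rules, "rl0", "in", "10.0.0.50", "93.184.216.34", 443))
    print(match(rules, "de0", "out", "10.0.0.50", "93.184.216.34", 443)["text"])
    print("squid reachable from outside via:", audit_squid_exposure(rules, "de0"))
```

The audit function is the check to run on a real ipnat.rules before enabling `--enable-ipf-transparent`: the only way a default squid can interfere with inbound NAT is a `rdr` to the proxy port on the outside interface, and that is a rule you write, not something squid does on its own.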


Re: Gateway + Firewall

2002-12-10 Thread Kevin Stevens


On Tue, 10 Dec 2002, Roman Neuhauser wrote:

> # [EMAIL PROTECTED] / 2002-12-09 15:22:20 -0200:
> > Well  I have this problem with freebsd
> >
> > I have this network.
> >
> > Range: 10.10.10.192-207
> > Network: 10.10.10.192/28
> > Netmask: 10.10.10.254
> > Router: 10.10.10.193

That's not the correct netmask for that (or any) address range.  Try
255.255.255.240.

KeS

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message



Re: Gateway + Firewall

2002-12-10 Thread Roman Neuhauser
# [EMAIL PROTECTED] / 2002-12-09 15:22:20 -0200:
> Well, I have this problem with FreeBSD
> 
> I have this network.
> 
> Range: 10.10.10.192-207
> Network: 10.10.10.192/28
> Netmask: 10.10.10.254
> Router: 10.10.10.193
> 
> I want to set up a firewall connecting it directly to the router using 2
> ethernet interfaces, setting up 2 valid addresses on these interfaces.
> It isn't working setting different netmasks (obviously), and FreeBSD doesn't allow
> me to add the same netmask to 2 different ether interfaces.
> 
> How should I proceed?

you have AFAIK two options: a bridge (an invisible firewall), or
NAT.

I know nothing about bridging, but there's an article about it in
/usr/share/doc/, so that might help.

NAT (with ipfilter/ipnat):

roman@lilith ~ 271:0 > grep gate /etc/rc.conf 
gateway_enable="YES"

roman@lilith ~ 272:0 > grep route /etc/rc.conf
defaultrouter="62.168.44.33" <- put your router's IP here

roman@lilith ~ 270:0 > grep ^ip /etc/rc.conf 
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"

now, I've always compiled IPFilter into the kernel, but looking at
/etc/rc.network it appears that it should work using (and loading
for you) kernel modules; IOW, without any compiling.

as for /etc/ipf.rules and /etc/ipnat.rules: the simplest versions
are (supposing you have rl0 and de0 interfaces, de0 being the
outside one):

/etc/ipf.rules:
pass in  quick on lo0 all
pass out quick on lo0 all
pass in  quick on rl0 all
pass out quick on rl0 all
pass in  quick on de0 all
pass out quick on de0 all

that of course doesn't buy you anything beyond the ipfilter
overhead. :)

/etc/ipnat.rules:
map de0 10.0.0.0/24 -> 10.10.10.193/32

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message. See http://www.eyrie.org./~eagle/faqs/questions.html



Gateway + Firewall

2002-12-09 Thread Danilo Castro
Well, I have this problem with FreeBSD

I have this network.

Range: 10.10.10.192-207
Network: 10.10.10.192/28
Netmask: 10.10.10.254
Router: 10.10.10.193


I want to set up a firewall connecting it directly to the router using 2
ethernet interfaces, setting up 2 valid addresses on these interfaces.
It isn't working setting different netmasks (obviously), and FreeBSD doesn't allow
me to add the same netmask to 2 different ether interfaces.

How should I proceed?

Sorry about the poor English.
Thanks in advance

Danilo Castro

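A worked example for the netmask point Kevin Stevens raises and for Danilo's two-interface problem (added here; not code from any message in the thread). It checks whether a dotted-quad is a legal netmask at all, derives the block and mask from the 192-207 range the way Kevin did, and shows why two interfaces of one host numbered inside the same /28 collide, which is the situation Danilo reports FreeBSD refusing and the reason Roman's reply offers only bridging or NAT. The addresses 10.10.10.194 and .195 used for the two NICs are assumed for illustration.

```python
"""Subnet sanity checks for the Gateway + Firewall thread (added example, not
code from the posts): why 10.10.10.254 cannot be a netmask, what the mask for
10.10.10.192-207 is, and why two NICs of one host cannot both live in that /28.
"""
import ipaddress


def is_valid_netmask(mask):
    """A netmask must be a run of ones followed by a run of zeros."""
    bits = int(ipaddress.IPv4Address(mask))
    inverted = (~bits) & 0xFFFFFFFF           # zeros then ones if the mask is valid
    return (inverted & (inverted + 1)) == 0   # ...i.e. inverted + 1 is a power of two


def prefix_for_range(first, last):
    """The single CIDR block covering first..last, or None if the range is not aligned."""
    blocks = list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return blocks[0] if len(blocks) == 1 else None


def describe(first, last):
    """Network, mask, broadcast and usable host range for an aligned address range."""
    net = prefix_for_range(first, last)
    if net is None:
        raise ValueError(f"{first}-{last} is not a single CIDR block")
    hosts = list(net.hosts())
    return {"network": str(net), "netmask": str(net.netmask),
            "broadcast": str(net.broadcast_address),
            "first_host": str(hosts[0]), "last_host": str(hosts[-1]),
            "usable": len(hosts)}


def interfaces_collide(addr_a, addr_b, mask):
    """True if two interface addresses fall in the same subnet under `mask`.

    Two interfaces in one prefix give the kernel two routes to the same
    network, which is what Danilo reports FreeBSD rejecting.
    """
    a = ipaddress.ip_interface(f"{addr_a}/{mask}").network
    b = ipaddress.ip_interface(f"{addr_b}/{mask}").network
    return a == b


if __name__ == "__main__":
    print("10.10.10.254 valid mask?", is_valid_netmask("10.10.10.254"))
    print(describe("10.10.10.192", "10.10.10.207"))
    # assumed addresses for Danilo's two NICs, both inside the /28
    print("two NICs in the /28 collide?",
          interfaces_collide("10.10.10.194", "10.10.10.195", "255.255.255.240"))
```

Run against the numbers in the thread it reports the mask as 255.255.255.240 with 14 usable hosts (.193 through .206, .207 being broadcast), rejects 10.10.10.254 as a mask, and flags the two-NIC layout as a collision, so the fix has to be a bridge or a second (NATted) subnet rather than a different mask.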