Hello!
Could anyone please direct me to an article, or give me keywords I can google myself, about the order in which IP packets are processed? The task is to forward HTTP and HTTPS traffic from the LAN to Squid.
Topology:
Code:
[LAN PC]--------[em1___SERVER___em0]---------[default_router]
192.168.2.3     192.168.2.1 192.168.1.198    192.168.1.1
Custom kernel's options:
Code:
include GENERIC
ident MYKERNEL1
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE_LIMIT=5
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
/etc/rc.conf(cut):
Code:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.conf"
dummynet_enable="YES"
natd_enable="YES"
natd_interface="em0"
natd_flags=""
squid_enable="YES"
#ipfw list:
Code:
00001 allow ip from me to any
00050 divert 8668 ip from any to any via em0
00089 allow icmp from any to any
65535 deny ip from any to any
/etc/sysctl.conf:
Code:
net.inet.ip.fw.one_pass=0
net.inet.ip.fastforwarding=1
What I need to do is add an 'ipfw fwd' rule, but it seems I have some trouble working out where exactly to put it in the /etc/ipfw.conf file, and what the format of this rule is. As I get it, the rule must be something like this:
Code:
ipfw add #### fwd A.B.C.D,port1 tcp from K.L.M.N/24 to any port2 [in|out] via [em1|em0]
Squid's settings are common:
Code:
http_port 3128 intercept
Should I put the ipfw fwd rule before the divert natd rule or after it? Should A.B.C.D,port1 be 127.0.0.1,3128 or something else? Should K.L.M.N and port2 be the LAN's network address (192.168.2.0/24) and 80, respectively? What should the interfaces and direction be, in or out? The packets from the LAN, are they first NAT'ed and then forwarded to Squid, or the opposite, and how can I figure this out?
I've been reading and experimenting for the whole past week without any acceptable results; nothing seems to work.
Thanks in advance.