The FreeBSD Diary


Providing practical examples since 1998

FreeBSD Support
 Blocking USERS who are not using cache
Author: VTK 
Date:   19-01-01 12:27

Hi,
I'd like to block users who are not using our cache server.
On 192.168.10.254 is the firewall (ipfw/natd).
On 92.168.10.1 is Apache/Squid.
I tried something like this:
ipfw add 001 allow tcp from 192.168.10.1 to any 80
ipfw add 002 allow tcp from any to 192.168.10.1 80
ipfw add 003 deny tcp from any to any 80
and now it is not possible to connect to anything on port 80 except 192.168.10.1.


Why is ipnat better than natd? (All of you are recommending it :) )
Thanks, V.

 
 Re: Blocking USERS who are not using cache
Author: parv 
Date:   25-01-01 02:05

I am confused... are you asking a question or telling us about your setup?

I mean, according to your setup, assuming the rule list is complete, here is what is/may be...

(note to self: ipfw applies the 1st matching rule, ipf - which I use - applies the last)

...happening...

* ipfw add 001 allow tcp from 192.168.10.1 to any 80
- allow the proxy server to connect to any other address /only/ on port 80

* ipfw add 002 allow tcp from any to 192.168.10.1 80
- allow any other address to connect to the proxy server /only/ on port 80

* ipfw add 003 deny tcp from any to any 80
- if a connection isn't coming from or going to the proxy server on port 80, with respect to the firewall host, then deny the connection.


...which is what you want: block anybody not going through the proxy. So the source of my confusion. Nonetheless, what else may be happening...

- The default behaviour (or, options compiled into the kernel) of ipfw is to deny. Given the rule list is complete, the 3rd rule becomes redundant, since the first 2 rules allow connections only to/from 192.168.10.1:80; nothing else goes in or out.

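To make the first-match behaviour discussed in this thread concrete, here is an added example (not part of the original posts and not ipfw itself): a small POSIX shell evaluator that walks the three rules quoted above in order, stops at the first match, and reports what each sample packet would get. The proxy address 192.168.10.1 is the one from the thread; the client and external addresses are constructed sample values, and the evaluator models only destination-port matching for new connections, not interface direction, return traffic or NAT.

```shell
#!/bin/sh
# Added example: first-match evaluation of the three ipfw rules from the
# thread. Not ipfw code; it only models source, destination and
# destination port for a new TCP connection.

PROXY=192.168.10.1   # proxy address taken from the thread

# match_rule RULE_SRC RULE_DST RULE_DPORT PKT_SRC PKT_DST PKT_DPORT
# Returns 0 when the packet's fields satisfy the rule ("any" is a wildcard).
match_rule() {
    rs=$1; rd=$2; rp=$3; ps=$4; pd=$5; pp=$6
    [ "$rs" = any ] || [ "$rs" = "$ps" ] || return 1
    [ "$rd" = any ] || [ "$rd" = "$pd" ] || return 1
    [ "$rp" = "$pp" ] || return 1
    return 0
}

# ipfw_decide SRC DST DPORT
# Prints "allow", "deny" or "default". Rules are tried in number order and
# the first one that matches decides, which is how ipfw processes its list.
# "default" means no rule matched, so the kernel's built-in policy applies.
ipfw_decide() {
    src=$1; dst=$2; dport=$3
    # rule 001: allow tcp from 192.168.10.1 to any 80
    if match_rule "$PROXY" any 80 "$src" "$dst" "$dport"; then echo allow; return; fi
    # rule 002: allow tcp from any to 192.168.10.1 80
    if match_rule any "$PROXY" 80 "$src" "$dst" "$dport"; then echo allow; return; fi
    # rule 003: deny tcp from any to any 80
    if match_rule any any 80 "$src" "$dst" "$dport"; then echo deny; return; fi
    echo default
}

# Constructed sample connections (192.168.10.20 is a hypothetical client,
# 203.0.113.5 a hypothetical external web server).
for pkt in "192.168.10.20 203.0.113.5 80" \
           "192.168.10.20 192.168.10.1 80" \
           "192.168.10.1 203.0.113.5 80" \
           "192.168.10.20 203.0.113.5 443"; do
    set -- $pkt
    printf '%-14s -> %-14s :%-4s %s\n' "$1" "$2" "$3" "$(ipfw_decide "$1" "$2" "$3")"
done
```

Running it shows the outcome parv describes: a client going straight to an outside web server on port 80 is denied, while connections to the proxy on port 80 and from the proxy to the outside are allowed. The last line shows that traffic on other ports never reaches rule 003 and is left to the kernel's default policy, which is why the reply stresses whether that default is deny.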

