(Is 8883 a typo? Should be 8888, per your DansGuardian config, right? I'll assume it's a typo ...) I run DG + Squid. I don't use IPFW, but I've heard of people using it for local-to-local port fwding ... and a quick google shows people claiming success doing it. And your rules look correct, comparing them to my iptables ruleset for my own DG -> Squid setup. The only thing that looks odd to me is that port 3333 is only accessible to uid squid -- are you really running DG under that uid? And are you sure you have DansGuardian's proxyip/proxyport set correctly (127.0.0.1/3333)? Oh -- are you on a Mac? Is there any chance they "dumbed down" IPFW to not allow localhost port fwding? (sound's like an Apple kind of thing to do ...) -----Original Message----- From: Tony [mailto:rigstars@xxxxxxxxx] Sent: Friday, September 10, 2010 5:31 PM To: squid-users@xxxxxxxxxxxxxxx Subject: EXTERNAL: client+Dansguardian+Squid+IPFW - all on same pc client+Dansguardian+Squid+IPFW - all on same pc I have one computer that has Dansguardian (127.0.0.1:8888) and Squid (127.0.0.1:3333) and IPFW installed. From the same computer, I'm trying to redirect port 80 to Dansguardian's port 8888 using the rulesets below. Is this possible? I read that ipfw does not allow forwarding from the same machine. Is this true? Something wrong with my rules? allow tcp from any to any dst-port 80 out uid squid allow tcp from any to any dst-port 3333 out uid squid fwd 127.0.0.1,8883 tcp from any to any 80
