Here are my rules currently as they stand. I can't figure it out, but when I try to go to a website, it locks up my browser and machine and I have to do a hard reboot each time. It's trying to resolve the site but can't ... any ideas? Am I missing allow 80 back in?

#Flush out the list
${IPF} -q -f flush

#Zero out hits counter
${IPF} zero

#No restrictions on Loopback Interface
${IPF} add 00900 allow all from any to any via lo0

${IPF} add 1000 allow tcp from any to any dst-port 80 out uid squid
${IPF} add 2000 allow tcp from any to any dst-port 3333 out uid squid
${IPF} add 3000 fwd 127.0.0.1,8883 tcp from any to any 80
#${IPF} add 4000 fwd 127.0.0.1,8883 tcp from any to any 3333

On Sat, Sep 11, 2010 at 1:21 AM, Bucci, David G <david.g.bucci@xxxxxxxx> wrote:
> (Is 8883 a typo? Should be 8888, per your DansGuardian config, right? I'll assume it's a typo ...)
>
> I run DG + Squid. I don't use IPFW, but I've heard of people using it for local-to-local port fwding ... and a quick google shows people claiming success doing it. And your rules look correct, comparing them to my iptables ruleset for my own DG -> Squid setup.
>
> The only thing that looks odd to me is that port 3333 is only accessible to uid squid -- are you really running DG under that uid?
>
> And are you sure you have DansGuardian's proxyip/proxyport set correctly (127.0.0.1/3333)?
>
> Oh -- are you on a Mac? Is there any chance they "dumbed down" IPFW to not allow localhost port fwding? (sounds like an Apple kind of thing to do ...)
>
> -----Original Message-----
> From: Tony [mailto:rigstars@xxxxxxxxx]
> Sent: Friday, September 10, 2010 5:31 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: EXTERNAL: client+Dansguardian+Squid+IPFW - all on same pc
>
> client+Dansguardian+Squid+IPFW - all on same pc
>
> I have one computer that has Dansguardian (127.0.0.1:8888)
> and Squid (127.0.0.1:3333) and IPFW installed. From the same computer,
> I'm trying to redirect port 80 to Dansguardian's port 8888 using the
> rulesets below.
> Is this possible? I read that ipfw does not allow forwarding from the
> same machine. Is this true? Something wrong with my rules?
>
> allow tcp from any to any dst-port 80 out uid squid
> allow tcp from any to any dst-port 3333 out uid squid
> fwd 127.0.0.1,8883 tcp from any to any 80
>
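
Added example, not part of the original thread: a small Python lint for the rules posted above. It checks that each active fwd rule targets an address and port where the thread says a proxy listens (DansGuardian on 8888, Squid on 3333) and that an earlier uid-scoped allow exists for the same destination port, so the proxy's own outbound traffic is matched before the fwd rule. The function name, the regexes and the simplified rule grammar are assumptions made for this example.

```python
import re

# Listeners as stated in the thread: DansGuardian on 8888, Squid on 3333.
LISTENERS = {("127.0.0.1", 8888): "DansGuardian", ("127.0.0.1", 3333): "Squid"}

# Rules as posted in the message above, with the ${IPF} prefix dropped.
RULES = """\
add 00900 allow all from any to any via lo0
add 1000 allow tcp from any to any dst-port 80 out uid squid
add 2000 allow tcp from any to any dst-port 3333 out uid squid
add 3000 fwd 127.0.0.1,8883 tcp from any to any 80
#add 4000 fwd 127.0.0.1,8883 tcp from any to any 3333
"""

# Simplified grammar (assumption): only "allow" and "fwd"/"forward" are modelled.
RULE_RE = re.compile(r"^add\s+(\d+)\s+(allow|fwd|forward)\s+(.*)$")
DST_RE = re.compile(r"\bto\s+any\s+(?:dst-port\s+)?(\d+)")

def lint_fwd_rules(rules_text, listeners):
    """Return {rule_number: [problems]} for each active fwd rule."""
    report, exempt_ports = {}, set()
    for raw in rules_text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue  # blank, commented out, or a rule type not modelled here
        number, action, rest = int(m.group(1)), m.group(2), m.group(3)
        dst = DST_RE.search(rest)
        dst_port = int(dst.group(1)) if dst else None
        if action == "allow":
            # ipfw is first-match: an earlier uid-scoped allow takes the
            # proxy's own traffic to this port before the fwd rule sees it.
            if dst_port is not None and re.search(r"\buid\s+\S+", rest):
                exempt_ports.add(dst_port)
            continue
        target, _, _ = rest.partition(" ")
        ip, _, port = target.partition(",")
        port = int(port) if port else dst_port  # no port given: packet's port is kept
        problems = []
        if (ip, port) not in listeners:
            problems.append(f"no known listener on {ip}:{port}")
        if dst_port not in exempt_ports:
            problems.append(f"no earlier uid-scoped allow for port {dst_port}")
        report[number] = problems
    return report

if __name__ == "__main__":
    for number, problems in lint_fwd_rules(RULES, LISTENERS).items():
        print(f"rule {number}: {'; '.join(problems) or 'ok'}")
```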