>
> Minimal Linux ipfwadm config:
>
> # Accept all on loopback
> ipfwadm -I -a accept -W lo
> # Accept my own IP, to prevent loops (repeat for each interface/alias)
> ipfwadm -I -a accept -D thishost 80
> # Send all traffic destinated to port 80 to Squid on port 3128
> ipfwadm -I -a accept -P tcp -D 0/0 80 -r 3128
>
it wouldn't accept your second rule, so I had to make it:
ipfwadm -I -a accept -P tcp -D thishost 80
it wanted a protocol declared when specifying a specific port, I assume i
changed it up correctly.
So now, i have squid answering on 3128, and my rules look like:
IP firewall input rules, default policy: accept
type prot source destination ports
acc all anywhere anywhere n/a
acc tcp anywhere constellation.shreve.net any -> www
acc/r tcp anywhere anywhere any -> www => 3128
(constellation.shreve.net is my squid machine)
Should this avoid those infinite loops?
> If your squid host has a IP in any of these networks, you should also
> add a explicit rule allowing traffic addressed to the squid-host
> throught without being redirected. Redirecting local traffic can be very
> confusing at best.
Well my squid has an IP in 208.206.76.44 (part of 208.206.76.0/24). Do
the rules above catch that or do i need another rule?
>
> ---
> Henrik Nordström
> Sparetime Squid Hacker
>
/-------------------------- signal@shreve.net -----------------------------\
| Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
| Network Administrator | Perl, Linux | Web hosting, online stores, |
| ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
| 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
| mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
\-------------------------- 318-222-2638 x109 -----------------------------/
Received on Sun Feb 08 1998 - 08:46:14 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:48 MST