Re: Redirecting from Cisco

From: Brian <[email protected]>
Date: Wed, 11 Feb 1998 09:32:22 -0600 (CST)

On Wed, 11 Feb 1998, A.Saeed wrote:

> dear fellows :
>
> I have been following your steps.
> Icouldn't be able to run ipfw with -r option it always says -r illegal and
> -S needed etc. .
> Please help me in this .
> regards
>

1. This will not work in older versions of ipfwadm, make sure you follow
the link at the Squid FAQ and get the latest distribution, I use 2.3.0

constellation:~# ipfwadm -h
ipfwadm 2.3.0, 1996/07/30

2. Make sure you compile your Linux kernel with Transparent Proxying,
which is an experimental option, so make sure you enable "experimental
drivers" in the kernel config:

constellation:~# man ipfwadm
       -r [port]
              Redirect packets to a local socket. When this
              option is set, packets accepted by this rule will
              be redirected to a local socket, even if they were
              sent to a remote host. If the specified redirec-
              tion port is 0, which is the default value, the
              destination port of a packet will be used as the
              redirection port. This option is only valid in
              input firewall rules with policy accept and can
              only be used when the Linux kernel is compiled with
              CONFIG_IP_TRANSPARENT_PROXY defined.

Brian

>
> On Fri, 6 Feb 1998, Brian wrote:
>
> > On Sat, 7 Feb 1998, Lincoln Dale wrote:
> >
> > > >int e0
> > > >ip policy route-map proxy-redirect
> > > >
> > > >IOS 11.1(6)
> > > >
> > > >I configured my netscape to use no proxies, and when I request a web page,
> > > >i get nothing. does anyone know what could commonly be the matter?
> > >
> > > i assume ethernet0 isn't the interface to your uplink ISP? you need
> > > to put the policy-route statement on the *outgoing* interface, where
> > > packets are destined, prior to being policy-routed to their correct
> > > destination.
> > >
> > > cheers,
> > >
> > > lincoln.
> > >
> >
> > Thanks! int s0 is outgoing, thanks, thats what i needed.
> >
> > Brian
> >
> > /-------------------------- signal@shreve.net -----------------------------\
> > | Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
> > | Network Administrator | Perl, Linux | Web hosting, online stores, |
> > | ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
> > | 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
> > | mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
> > \-------------------------- 318-222-2638 x109 -----------------------------/
> >
> >
>

/-------------------------- signal@shreve.net -----------------------------\
| Brian Feeny | USR TC Hubs | ShreveNet Inc. (318)222-2638 |
| Network Administrator | Perl, Linux | Web hosting, online stores, |
| ShreveNet Inc. | USR Pilot | Dial-Up 14.4-56k, ISDN & LANs |
| 89 CRX DX w/MPFI, lots of |-=*:Quake:*=-| http://www.shreve.net/ |
| mods/Homepage coming soon |LordSignal/SN| Quake server: 208.206.76.47 |
\-------------------------- 318-222-2638 x109 -----------------------------/
Received on Wed Feb 11 1998 - 07:38:44 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:51 MST