Chris Buechler wrote:
>On Mon, 6 Dec 2004 15:26:53 +0200, Marian Adelin STOICESCU
><marian at wsc dot ro> wrote:
>>2. It's possible to use ipfw fwd.. on exec.php to put a proxy server pc to
>>work transparently.. or the problem of transparent proxy it's on work and i
>>must wait for a m0n0wall betas
>I know that'll work with ipfw, not sure if it will in m0n0wall's
>specific setup. It's worth a shot, I'd be interested in knowing if it
>works or not. Worst that could happen is what you put in exec.php
>could take down the firewall, but then a reboot will remove all that
>stuff. If you get it working, see the FAQ on hidden config.xml
>options on how to put them in <shellcmd> to get them to load at every

Not the scenario you describe, but maybe a solution for you is to use
the NAT Inbound rules on an OPT interface to do the redirect.
It does not use ipfw but rather the ipnat rdr statement creating a rule
like: "ipnat rdr ti0 0.0.0.0/0 port 80 -> N.N.N.N port 3128 tcp"
(N.N.N.N being my squid proxy located in the DMZ network.)
This will work with a NAT Inbound rule on an OPT interface redirecting
all traffic to port 80 to a box in DMZ, but it implies some restrictions:
- It cannot be enabled for the LAN interface, probably a failsafe
mechanism preventing user from locking himself out of the webgui - see
- The webgui is not accessible from the firewall's OPT IP anymore since
it is redirected, you need to access it through the DMZ leg.
- You can only enable it for the whole network, no fine-grained control
as to what IP should be transparently proxied (but I guess this should be
trivial to add since ipnat supports it)
Hope this helps..
Thomas Kolstø <thomas at kolsto dot no>
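
The fine-grained variant mentioned in the last restriction, as an added example that is not part of the original post or of m0n0wall: a small generator that emits one `rdr` line per client range instead of `0.0.0.0/0`, and refuses a range that contains the proxy itself (the proxy's own port-80 requests would be redirected back to it). It assumes the installed ipnat accepts the extended `from ... to ... port = N` form; the function name and the addresses (documentation ranges) are constructed, and `ti0` is the interface from the rule quoted above.

```python
import ipaddress


def rdr_rules(ifname, clients, proxy_ip, proxy_port=3128, dport=80):
    """Build ipnat rdr lines that redirect only the listed client ranges.

    clients  -- iterable of CIDR strings (hosts as /32)
    proxy_ip -- address of the proxy that receives the redirected traffic
    """
    proxy = ipaddress.ip_address(proxy_ip)

    # strict=True rejects entries with host bits set (e.g. 192.0.2.10/24),
    # which are usually typos that would widen the redirect silently.
    nets = [ipaddress.ip_network(c, strict=True) for c in clients]

    rules = []
    # collapse_addresses merges adjacent ranges and drops ranges already
    # covered by a larger one, so the rule set stays minimal.
    for net in ipaddress.collapse_addresses(nets):
        if proxy in net:
            # Redirecting the proxy's own outbound requests creates a loop.
            raise ValueError(f"{net} contains the proxy {proxy}")
        rules.append(
            f"rdr {ifname} from {net} to any port = {dport} "
            f"-> {proxy} port {proxy_port} tcp"
        )
    return rules


if __name__ == "__main__":
    # Constructed sample input: two adjacent /25s plus a host inside them.
    sample = ["192.0.2.0/25", "192.0.2.128/25", "192.0.2.10/32"]
    for line in rdr_rules("ti0", sample, "198.51.100.10"):
        print(line)
```
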