#1
Redirecting _outgoing_ packets to internal services

Hello,

I'm currently running a FreeBSD box to NAT an ADSL connection throughout our home network. The internet interface is named tun0, while the internal interface is named rl0. We use the 192.168.0.0/24 spectrum and the BSD box is 192.168.0.1.

I'm trying to 'force' the use of our internal DNS server by capturing any TCP/UDP packets on port 53 destined for our ISP's DNS servers and forwarding them to the local DNS server also running on the same FreeBSD gateway. Our internal DNS server would normally forward any unknown requests to our ISP's DNS servers. So basically DNS requests from anywhere on our local network should be 'diverted', but requests from the BSD server itself should be allowed through.

I'm having great difficulty trying to explain my requirements to Google. I always end up with texts relating to forwarding INCOMING packets to internal services (such as a www server running behind NAT), which is NOT what I need.

I also want to force use of our squid proxy server (also running on the BSD box), so that any connections to HTTP on the internet are dealt with by the internal squid server.

Any info and in particular example configs are appreciated. I'm currently using both IPFilter (for NAT and firewalling) and IPFW(2) (for bandwidth limiting).

In essence:
Code:
Forward/divert outgoing packets destined for port 53 udp/tcp to internal dns server
Allow outgoing packets destined for port 53 udp/tcp from bsd gateway to reach and return from ISP's dns servers

Thanks in advance, this is freaking confusing I tell ye :P
#2
You could probably find it on Google with the keyword "transparent proxy".
But it should IMO be as simple as adding some rules to natd and ipfw similar to these:
Code:
natd:
    -redirect_port tcp 192.168.0.1:domain domain
    -redirect_port udp 192.168.0.1:domain domain
ipfw:
    divert natd ip from 192.168.0.0/24 to any in via rl0

This is just an idea, I didn't test it and I can't tell if it works...

hth, M.
__________________
-- Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more. |
#3
Hmmm,

Those natd rules just redirect _incoming_ packets (from the internet) to a local DNS server. When I added a divert rule for rl0 (which is my internal interface; I already have a rule for my external divert natd) I lose connectivity.

I am not trying to provide DNS to the world but rather force the use of our internal DNS server rather than our ISP's DNS server. I would also be using any help I get here to force use of an internal squid proxy server (all OUTGOING packets should be directed 'back in' to the squid running on 3128 or whatever).

This is getting very confusing *weep*
#4
Hi,

Is your BSD box the only way out to the internet for your local clients? If so, then you can force your clients to use the local proxy by blocking all traffic from them to any address and port other than your proxy.
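As an added example (not from the thread or any of its posters): a small Python model of how FreeBSD's ipfw evaluates "fwd" rules for the requirement in posts #1 and #3, i.e. LAN clients' DNS (port 53) and HTTP (port 80) traffic entering on rl0 is handed to the local DNS server and squid, while traffic the gateway originates itself is left alone. The addresses and interface names (192.168.0.0/24, gateway 192.168.0.1, rl0) come from the thread; the rule numbers, the squid target 127.0.0.1:3128 and the 203.0.113.x/198.51.100.x sample destinations are assumptions or constructed stand-ins.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

# Values from the original post: LAN range, gateway address, internal interface.
LAN = IPv4Network("192.168.0.0/24")
GATEWAY = "192.168.0.1"
LAN_IF = "rl0"
ANY = IPv4Network("0.0.0.0/0")
# Assumption: squid listens on the gateway's loopback on 3128 (port from post #3).
SQUID = ("127.0.0.1", 3128)


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    via: Optional[str]  # interface the packet arrived on; None = originated on the gateway


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                               # "fwd" or "allow"
    proto: str                                # "tcp", "udp" or "ip" (any protocol)
    src: IPv4Network
    dport: Optional[int]                      # None = any destination port
    in_via: Optional[str]                     # None = not limited to an inbound interface
    target: Optional[Tuple[str, int]] = None  # (addr, port) for fwd rules

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if IPv4Address(p.src) not in self.src:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        # "in via rl0" matches only packets that entered on rl0. Queries the
        # gateway sends itself leave "out via tun0", so they are never caught.
        if self.in_via is not None and p.via != self.in_via:
            return False
        return True

    def to_ipfw(self) -> str:
        act = "fwd %s,%d" % self.target if self.action == "fwd" else self.action
        src = "any" if self.src == ANY else str(self.src)
        port = " %d" % self.dport if self.dport is not None else ""
        via = " in via %s" % self.in_via if self.in_via else ""
        return "ipfw add %d %s %s from %s to any%s%s" % (
            self.number, act, self.proto, src, port, via)


# Rule numbers are assumptions; ipfw evaluates in ascending order, first match wins.
RULES = [
    Rule(100, "fwd", "udp", LAN, 53, LAN_IF, (GATEWAY, 53)),
    Rule(110, "fwd", "tcp", LAN, 53, LAN_IF, (GATEWAY, 53)),
    Rule(120, "fwd", "tcp", LAN, 80, LAN_IF, SQUID),
    Rule(65535, "allow", "ip", ANY, None, None),
]


def ruleset() -> List[str]:
    """The ipfw commands this model corresponds to (what you would load on the gateway)."""
    return [r.to_ipfw() for r in RULES]


def delivered_to(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, int]:
    """Where the packet ends up: the fwd target, or its original destination."""
    for r in rules:
        if r.matches(p):
            return r.target if r.action == "fwd" else (p.dst, p.dport)
    raise RuntimeError("no rule matched; ipfw always has a final rule 65535")


if __name__ == "__main__":
    for line in ruleset():
        print(line)
    # Constructed sample traffic; 203.0.113.5 stands in for the ISP's DNS server.
    lan_query = Packet("udp", "192.168.0.42", "203.0.113.5", 53, "rl0")
    gw_query = Packet("udp", GATEWAY, "203.0.113.5", 53, None)
    lan_http = Packet("tcp", "192.168.0.42", "198.51.100.7", 80, "rl0")
    print(delivered_to(lan_query), delivered_to(gw_query), delivered_to(lan_http))
```

The generated lines are the real ipfw syntax (`fwd addr,port` plus `in via rl0`); the model only exists to make the ordering and the "in via" restriction checkable. Two caveats for anyone loading them on a real gateway: the kernel must have the IPFIREWALL_FORWARD option (older FreeBSD releases do not enable it by default), and squid must be configured for transparent interception. For DNS there is a further catch: fwd delivers the datagram to the local server without rewriting its destination, so the reply leaves with the gateway's address as source rather than the ISP address the client queried, and stub resolvers typically discard such replies; a NAT-style redirect that rewrites both directions, as post #2 sketches, is the more robust choice for UDP 53.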
Dev Shed Forums > Operating Systems > BSD Help > Redirecting _outgoing_ packets to internal services