Message-ID: <005501c3af5a$44503350$c801a8c0@ga8ge667>
From: "SEKI yasuyuki" <ys@rain.plala.or.jp>
To: <FreeBSD-users-jp@jp.FreeBSD.org>
References: <200311151916.EAA00141@uketsuke.aji-oh.net>
Date: Thu, 20 Nov 2003 20:34:23 +0900
Subject: [FreeBSD-users-jp 77287] Re: About squid transparent proxy configuration

Good evening. This is Seki.

I had been struggling to use squid as a transparent proxy on a FreeBSD machine set up as a bridge.
After a lot of trial and error I got it working, so I would like to report the result.


The key points were to use ipfw2 and to make a small change to the ipfw2 source.

OS: FreeBSD 4.9-RELEASE

●Modify the ipfw2 source (/usr/src/sys/netinet/ip_fw2.c)
I used http://news.gw.com/freebsd.ipfw/1724 as a reference.
===================================================================
  goto done;

     case O_FORWARD_IP:
+#if 0
     if (args->eh)/* not valid on layer2 pkts */
     break;
+#endif
     if (!q || dyn_dir == MATCH_FORWARD)
     args->next_hop =
          &((ipfw_insn_sa *)cmd)->sa;
     retval = 0;
+     if (args->eh) {
+         struct m_hdr tag;
+
+         if (hlen == 0)/* non IP */
+     break;
+         tag.mh_type = MT_TAG;
+         tag.mh_flags = PACKET_TAG_IPFORWARD;
+         tag.mh_data = (caddr_t)args->next_hop;
+         tag.mh_next = m;
+         args->m = NULL;
+         retval = IP_FW_PORT_DENY_FLAG;
+         ip_input((struct mbuf *)&tag);
+     }
     goto done;

     default:
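
Review bot: In the new `if (args->eh)` block, `args->next_hop` is stored in `tag.mh_data` unconditionally, but the assignment just above it only happens when `!q || dyn_dir == MATCH_FORWARD`. When that condition is false on a layer-2 packet, the tag is built from whatever `args->next_hop` already held, which may never have been set. I would put the re-injection under the same condition, or test `args->next_hop != NULL` before building the tag. The `hlen == 0` test also runs after `next_hop` and `retval` have been assigned, so a non-IP frame leaves this case with `next_hop` set; moving that test to the top of the case, where the `#if 0`'d check was, avoids that. A comment saying why `ip_input()` is called from inside the rule check would help the next reader.
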
===================================================================

$B!|(Bip_input.c$B$N%=!<%9$r=$@5!J(B/usr/src/sys/netinet/ip_input.c$B!K(B
===================================================================
       * skip the firewall a second time
       */
      if (args.next_hop)
-      goto ours;
+      goto pass;/* XXX was 'ours' */

      args.m = m;
      i = ip_fw_chk_ptr(&args);
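
Review bot: The `if (args.next_hop)` condition is unchanged, so `goto pass` now applies to every packet that arrives with a next hop already set, not only to the ones re-injected from the layer-2 path in ip_fw2.c, and the `/* XXX was 'ours' */` comment records the old label without saying why it changed. Please state the reason in the comment and confirm that a `fwd` to a local address on the ordinary routed path is still delivered locally after going through `pass`; if it is not, limit the new target to the bridged case.
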
===================================================================


●Add the following kernel options.
options  IPFIREWALL
options  IPFW2
options  IPFIREWALL_VERBOSE
options  IPFIREWALL_DEFAULT_TO_ACCEPT
options  IPFIREWALL_FORWARD

●With these changes, rebuild the kernel.

$B!|(Bipfw$B$N(Bbin$B%U%!%$%k$r(Bipfw2$BMQ$K$9$k!#(B
/usr/src/sbin/ipfw/$B!!$H(B
/usr/src/lib/libalias/
$B$K0\F0$7!"(B
# make IPFW2=true depend all install
$B$r$9$k$H!"(Bipfw$B$,%$%s%9%H!<%k$5$l$k!#(B

$B!|(Bipfw$B$N%k!<%k$rDI2C$9$k!#(B
# ipfw add fwd localhost,3128 tcp from any to any 80 layer2


With this, web access through the transparent proxy, using squid on the bridge machine, now works.

There may be unnecessary parts, but in my environment this is what made it work.


Sorry for the long message.
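
A preflight check for the steps in this message, as an added example that is not part of the original post: it reports which of the five listed kernel options a config file does not enable, and whether `ipfw list` output contains a `fwd` rule to the squid port that carries `layer2`. The function names are hypothetical; the whole-word match matters because `IPFIREWALL` is a prefix of three of the other option names.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

REQUIRED_OPTS="IPFIREWALL IPFW2 IPFIREWALL_VERBOSE IPFIREWALL_DEFAULT_TO_ACCEPT IPFIREWALL_FORWARD"

# Print the required options that are NOT enabled in kernel config file $1.
# Comments are stripped first, and the option name must match as a whole
# word, so "options IPFIREWALL_FORWARD" does not count as IPFIREWALL.
missing_options() {
    conf=$1
    missing=""
    for opt in $REQUIRED_OPTS; do
        if ! sed 's/#.*//' "$conf" |
            grep -Eq "^[[:space:]]*options[[:space:]]+${opt}([[:space:]]|=|\$)"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s\n' "$missing"
}

# Read `ipfw list` output on stdin; succeed if some rule forwards to
# port $1 and also carries the layer2 keyword, like the rule in the message.
has_layer2_fwd_rule() {
    port=$1
    awk -v port="$port" '
        {
            fwd = 0; l2 = 0
            for (i = 1; i < NF; i++)
                if ($i == "fwd" && $(i + 1) ~ ("," port "$")) fwd = 1
            for (i = 1; i <= NF; i++)
                if ($i == "layer2") l2 = 1
            if (fwd && l2) found = 1
        }
        END { exit (found ? 0 : 1) }'
}
```

Run `missing_options` on the kernel config before rebuilding and pipe `ipfw list` into `has_layer2_fwd_rule 3128` after adding the rule.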

