Date: Mon, 9 Mar 2015 14:24:57 +0000
From: krad <kraduk@gmail.com>
To: Monah Baki <monahbaki@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: FreeBSD PF question
Message-ID: <CALfReyfqr-%2B4OxJ9BSUU6y-o9MaYs%2BJiSMQv7EWAGPTYqiuAcQ@mail.gmail.com>
In-Reply-To: <CALP3=x9851YUUu5rsMhc=tAYEZ4ma3xJZJUQFG8FqOhbJ%2BT_sQ@mail.gmail.com>
References: <CALP3=x9851YUUu5rsMhc=tAYEZ4ma3xJZJUQFG8FqOhbJ%2BT_sQ@mail.gmail.com>

It sounds like your Cisco isn't letting the squid web traffic out and redirecting it back to itself. You need to exclude the squid proxy's address from redirection.

On 9 March 2015 at 14:03, Monah Baki <monahbaki@gmail.com> wrote:

> Hi All,
>
> I have a freebsd 10.1 server with a single interface (bge0) running squid
> in intercept mode. There is a Cisco device doing the policy routing.
>
> interface GigabitEthernet0/0/1.1
> encapsulation dot1Q 1 native
> ip address 10.0.0.9 255.255.255.0
> no ip redirects
> no ip unreachables
> ip nat inside
> standby 1 ip 10.0.0.10
> standby 1 priority 120
> standby 1 preempt
> standby 1 name HSRP
> ip policy route-map CFLOW
>
> ip access-list extended REDIRECT
> deny tcp host 10.0.0.24 any eq www
> permit tcp host 10.0.0.23 any eq www
>
> route-map CFLOW permit 10
> match ip address REDIRECT
> set ip next-hop 10.0.0.24
>
> My squid.conf has the following:
> http_port 3128
> http_port 3129 intercept
>
> My pf.conf has the following:
>
> rdr on bge0 inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 port 3129
> # block in
> pass in log quick on bge0
> pass out log quick on bge0
> pass out keep state
>
> User gets an access denied on browsing, and in my cache.log file, I see:
> WARNING: Forwarding loop detected for:
>
> Any help/guidance is appreciated.
>
> Thanks
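
Added example, not part of the original thread: a small Python model of the two rule sets quoted above, showing which source addresses the Cisco ACL policy-routes and which the pf rdr rule would rewrite if the packet arrived inbound on bge0. The rule values are copied from the message; the function names and the 10.0.0.50 test host are assumptions made for illustration.

```python
import ipaddress

# Rules copied from the quoted message; the evaluator itself is an added sketch.
ACL_REDIRECT = [
    ("deny", "10.0.0.24", 80),    # deny tcp host 10.0.0.24 any eq www
    ("permit", "10.0.0.23", 80),  # permit tcp host 10.0.0.23 any eq www
]
PBR_NEXT_HOP = "10.0.0.24"                           # set ip next-hop 10.0.0.24
RDR_SOURCE_NET = ipaddress.ip_network("10.0.0.0/8")  # rdr ... from 10.0.0.0/8
RDR_DST_PORT = 80                                    # ... to any port 80
RDR_TARGET = ("10.0.0.24", 3129)                     # -> 10.0.0.24 port 3129


def pbr_next_hop(src, dst_port):
    """First-match evaluation of ACL REDIRECT under route-map CFLOW permit 10.

    A permit entry policy-routes the packet to the next hop; a deny entry, or
    no match at all (implicit deny), leaves it to normal routing (None).
    """
    for action, host, port in ACL_REDIRECT:
        if src == host and dst_port == port:
            return PBR_NEXT_HOP if action == "permit" else None
    return None


def pf_rdr_target(src, dst_port):
    """Return the rdr target if a packet inbound on bge0 matches the rule."""
    if ipaddress.ip_address(src) in RDR_SOURCE_NET and dst_port == RDR_DST_PORT:
        return RDR_TARGET
    return None


def trace(src, dst_port=80):
    """Summarise what the two rule sets do with one flow."""
    return {
        "policy_routed_to": pbr_next_hop(src, dst_port),
        "rdr_if_seen_inbound": pf_rdr_target(src, dst_port),
    }


if __name__ == "__main__":
    # Constructed flows: the client and proxy from the ACL, plus one other host.
    for src in ("10.0.0.23", "10.0.0.24", "10.0.0.50"):
        print(src, trace(src))
```

The proxy's own address, 10.0.0.24, falls inside the rdr rule's 10.0.0.0/8 source range, so any of its port-80 traffic that comes back in on bge0 would be redirected to port 3129 again. The ACL as quoted policy-routes only 10.0.0.23; every other source hits the implicit deny and is routed normally.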