Date: Mon, 9 Mar 2015 10:03:54 -0400
From: Monah Baki <monahbaki@gmail.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: FreeBSD PF question
Message-ID: <CALP3=x9851YUUu5rsMhc=tAYEZ4ma3xJZJUQFG8FqOhbJ%2BT_sQ@mail.gmail.com>

Hi All,

I have a freebsd 10.1 server with a single interface (bge0) running squid in intercept mode. There is a Cisco device doing the policy routing.

    interface GigabitEthernet0/0/1.1
     encapsulation dot1Q 1 native
     ip address 10.0.0.9 255.255.255.0
     no ip redirects
     no ip unreachables
     ip nat inside
     standby 1 ip 10.0.0.10
     standby 1 priority 120
     standby 1 preempt
     standby 1 name HSRP
     ip policy route-map CFLOW

    ip access-list extended REDIRECT
     deny tcp host 10.0.0.24 any eq www
     permit tcp host 10.0.0.23 any eq www

    route-map CFLOW permit 10
     match ip address REDIRECT
     set ip next-hop 10.0.0.24

My squid.conf has the following:

    http_port 3128
    http_port 3129 intercept

My pf.conf has the following:

    rdr on bge0 inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 port 3129
    # block in
    pass in log quick on bge0
    pass out log quick on bge0
    pass out keep state

User gets an access denied on browsing, and in my cache.log file, I see:

    WARNING: Forwarding loop detected for:

Any help/guidance is appreciated.

Thanks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALP3=x9851YUUu5rsMhc=tAYEZ4ma3xJZJUQFG8FqOhbJ%2BT_sQ>