From: Daniel Iliev
Date: Thu, 25 Nov 2010 20:42:53 +0200
To: freebsd-pf@freebsd.org
Subject: redirecting local traffic to localhost
Message-ID: <20101125204253.1ffc11fb@bsd.ilievnet.com>

Hi,

I'm trying to set up a transparent squid. While intercepting traffic from
other hosts works fine, I can't figure out how to redirect locally
originated packets to the proxy daemon.

Squid is listening on 127.0.0.1:3128 with the "intercept" flag set. PF
redirects the http traffic like this:

    rdr on msk0 from any to any port 80 -> 127.0.0.1 port 3128

So far, so good, but how should I redirect the packets from the squid
box itself? The rule I'm looking for looks like this on Linux:

    iptables -t nat -I OUTPUT -m owner ! --uid-owner squid -p tcp --dport \
    80 -j REDIRECT --to-port 3128

-- 
Best regards,
Daniel