Date: Wed, 11 Jul 2012 09:22:00 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Hao Bryan Cheng <hbcheng@berkeley.edu>
Cc: freebsd-pf@freebsd.org
Subject: Re: Question regarding packet forwarding and Squid
Message-ID: <20120711072200.GD9145@insomnia.benzedrine.cx>
In-Reply-To: <7b10a675fc6b44b4b93597d97036de31@berkeley.edu>
References: <7b10a675fc6b44b4b93597d97036de31@berkeley.edu>

On Mon, Jul 09, 2012 at 06:31:55PM -0700, Hao Bryan Cheng wrote:

> Is there a rule in pf that behaves similarly to ipfw's fwd rule? I have
> heard mentions of a divert-to rule, but I was unsuccessful in finding any
> official documentation on the subject anywhere online.

No, there's no generic rule in pf to solve this for every proxy, but
there is a solution for squid specifically:

When you build the Squid port (www/squid) there is an option

  [ ] SQUID_PF  Enable transparent proxying with PF

This enables a function specifically to deal with your case: when
squid, listening on 127.0.0.1:3128, receives a connection rdr'd by pf

  src                 original dst      rewritten dst
  10.1.2.3:61234  ->  62.65.1.2:80  ->  127.0.0.1:3128

squid will use a pf-specific ioctl() call to figure out the original
destination, and use it for url_rewrite, too, AFAIK.

HTH,
Daniel
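
Added example, not part of the original message and not Squid's own code: a sketch of the kind of pf state lookup the reply describes, using the DIOCNATLOOK ioctl from FreeBSD's <net/pfvar.h>. The function name pf_original_dst, its parameters and the PF_OUT direction value are assumptions of this example; on systems without pf the function only reports ENOSYS.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <errno.h>
#include <string.h>
#if defined(__FreeBSD__)
#include <net/if.h>
#include <net/pfvar.h>
#define HAVE_PF 1
#endif

/*
 * pf_fd:  descriptor obtained from open("/dev/pf", O_RDONLY); the proxy's
 *         user needs read access to that device
 * client: peer address of the accepted socket (from getpeername)
 * local:  rewritten destination the proxy accepted on (from getsockname)
 * orig:   receives the destination the client originally connected to
 * Returns 0 on success, -1 with errno set on failure.
 */
int pf_original_dst(int pf_fd, const struct sockaddr_in *client,
                    const struct sockaddr_in *local, struct sockaddr_in *orig)
{
#ifdef HAVE_PF
    struct pfioc_natlook nl;

    memset(&nl, 0, sizeof(nl));
    nl.af = AF_INET;
    nl.proto = IPPROTO_TCP;
    nl.direction = PF_OUT;            /* assumption of this example */
    nl.saddr.v4 = client->sin_addr;   /* src,           e.g. 10.1.2.3  */
    nl.sport = client->sin_port;      /* network order, e.g. 61234     */
    nl.daddr.v4 = local->sin_addr;    /* rewritten dst, e.g. 127.0.0.1 */
    nl.dport = local->sin_port;       /* network order, e.g. 3128      */
    if (ioctl(pf_fd, DIOCNATLOOK, &nl) == -1)
        return -1;   /* no matching state: do not guess a destination */
    memset(orig, 0, sizeof(*orig));
    orig->sin_family = AF_INET;
    orig->sin_addr = nl.rdaddr.v4;    /* original dst,  e.g. 62.65.1.2 */
    orig->sin_port = nl.rdport;       /* network order, e.g. 80        */
    return 0;
#else
    (void)pf_fd; (void)client; (void)local; (void)orig;
    errno = ENOSYS;                   /* built on a system without pf */
    return -1;
#endif
}
```

When the lookup fails, the connection did not arrive through the rdr rule, so a proxy should refuse it rather than fall back to a client-supplied value such as the Host header.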