From: Leslie Jensen
Date: Tue, 29 Mar 2011 13:16:32 +0200
To: Vilem Kebrt
Cc: freebsd-pf@freebsd.org
Subject: Re: Lost in rules!

On 2011-03-28 05:58, Vilem Kebrt wrote:
> On 26.3.2011 17:18, Leslie Jensen wrote:
>> block drop in log quick proto ipv6 all
>>
>> block drop out log quick proto ipv6 all
>
> Hi Leslie,
> imho these rules will "drop random everything", definition of ipv6 in
> PF is inet6 :) and they are quick so no other rules apply.
>
> block drop in on $ext_if inet6 all
> block drop out on $ext_if inet6 all
>
> should be these rules i think.
> William
>

Thank you! That cured some of the problem.

The remaining problem is that the squid transparency is not working.

I can set proxy in my browser and it will use squid. But it seems that my rdr rule is not used.

I've tried starting squid manually with

squid -NCd10

but there's no indication of any errors.

I'm also running

tcpdump -s 256 -n -e -tttt -i pflog0

But I cannot see any of the outgoing packets getting detected by pf and sent to the proxy.

Do you have any suggestions on how to log more information?

Thanks

/Leslie