Date: Tue, 28 Jun 2016 13:07:59 +0000
From: "C. L. Martinez" <carlopmart@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Problems with pf rules for intercept squid proxy
Message-ID: <20160628130759.GA13226@beagle.bcn.sia.es>

Hi all,

I have some problems with my pf rules on a FreeBSD 10.3 host that acts as a squid intercept proxy. My actual pf rules are:

  rdr pass on $vpnif proto tcp from $int_network to any port http -> lo0 port 5144
  rdr pass on $vpnif proto tcp from $int_network to any port https -> lo0 port 5145

At first it seems that these rules work, but they don't. Traffic is redirected to squid, but squid denies all connections:

  1467111934.502 1 172.22.55.1 TCP_DENIED/403 4221 GET http://www.osnews.com/ - HIER_NONE/- text/html

Using the same squid.conf file on an OpenBSD test machine, squid works without problems. For this reason, I don't think there is any problem with my squid config.

The only difference between this OpenBSD host and the FreeBSD one is the pf rules. On the OpenBSD host, the pf rules are:

  pass in inet proto tcp from $int_network to any port http divert-to 127.0.0.1 port 5144
  pass in inet proto tcp from $int_network to any port https divert-to 127.0.0.1 port 5145

... and everything works OK.

Any idea why squid denies connections using FreeBSD's pf rules?

Thanks.

--
Greetings,
C. L. Martinez