From: "Giovanni P. Tirloni"
To: "Abu Khaled"
Cc: pf@freebsd.org
Date: Sun, 31 Jul 2005 15:35:46 -0300 (BRT)
Subject: Re: rdr not working for transparent http - 5.4-stable

Abu Khaled wrote:
> On 7/31/05, Giovanni P. Tirloni wrote:
>> I think there's something in the code that makes it not work because I
>> set ipfw to accept by default on every machine I have. There must be
>> something else.
>>
>
> Sounds confusing !!!
>
> Do you mind providing your ipfw/pf rules and the output of:
> # squid -v
> # ls -l /dev/pf
>
> Just to have a look at them while I scratch my head (to express the
> confused system administrator emotion).

1. pf is enabled:

   device pf

2. ipfw is enabled and accepts by default

   options IPFIREWALL
   options IPFIREWALL_DEFAULT_TO_ACCEPT

3. I've no ipfw rules. ipfw is only compiled in and has just one rule to
   accept everything (implied by kernel option)

ipfw was just sitting there doing nothing useful for me and pf rdr
didn't work (nat and block/pass worked).

I removed ipfw from my kernel config and now pf rdr works. Squid is
running in transparent mode.

Now everything works and I'll try to simulate this behaviour on a lab
machine just not to annoy the customer anymore. I'll let the list know
about the results.

Sorry about confusing it all.. thanks everybody.

--
Giovanni P. Tirloni
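
A check for the kernel configuration described in the message above, as an added example that is not part of the original post: it reads a FreeBSD kernel config file and reports when pf and ipfw are both compiled in. The function names and the sample config are constructed for illustration; it assumes one option per line and does not look at loaded modules.

```shell
#!/bin/sh
# Added example: list the packet filters a kernel config compiles in.

# filters_in_kernconf FILE -> prints e.g. "ipfw(default-accept) pf"
filters_in_kernconf() {
    awk '
        { sub(/#.*/, "") }    # drop comments; awk re-splits the fields
        $1 == "device"    && $2 == "pf"         { f["pf"] = 1 }
        $1 == "nodevice"  && $2 == "pf"         { delete f["pf"] }
        $1 == "options"   && $2 == "IPFIREWALL" { f["ipfw"] = 1 }
        $1 == "nooptions" && $2 == "IPFIREWALL" { delete f["ipfw"] }
        $1 == "options"   && $2 == "IPFIREWALL_DEFAULT_TO_ACCEPT" { acc = 1 }
        END {
            out = ""
            if ("ipfw" in f) out = "ipfw" (acc ? "(default-accept)" : "")
            if ("pf" in f)   out = out (out == "" ? "" : " ") "pf"
            print out
        }
    ' "$1"
}

# both_filters_compiled FILE -> exit status 0 when pf and ipfw are both present
both_filters_compiled() {
    case "$(filters_in_kernconf "$1")" in
        ipfw*" pf") return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample config, using the lines quoted in the message.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
ident   SAMPLE
device  pf                              # packet filter
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
EOF

if both_filters_compiled "$SAMPLE"; then
    echo "pf and ipfw are both compiled in: $(filters_in_kernconf "$SAMPLE")"
fi
```

On a real system, pass the path of the config file the running kernel was built from instead of `$SAMPLE`.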