Date: Wed, 18 May 2005 11:26:35 -0500
From: Greg Donald <destiney@gmail.com>
To: freebsd-questions@freebsd.org
Subject: pf + squid
Message-ID: <ea9da26c050518092667205bbc@mail.gmail.com>
I am following this howto: http://www.benzedrine.cx/transquid.html

I added pf and pflog to my kernel. After rebooting I did chgrp squid /dev/pf and chmod g+rw /dev/pf. I also restarted squid several times. When I try to access a remote web server it times out. I'm not getting any errors in /var/log/pflog or /var/log/messages.

My config files look like this:

> cat /etc/pf.conf |grep -v ^#

ext_if="dc0" # replace with actual external interface name i.e., dc0
int_if="dc1" # replace with actual internal interface name i.e., dc1
internal_net="10.0.0.1/8"
external_addr="24.159.59.97"

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state

> cat /usr/local/etc/squid/squid.conf |grep -v ^#

acl all src 0.0.0.0/0.0.0.0
acl our_networks src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8
http_port 127.0.0.1:3128
http_access deny to_localhost
http_access allow our_networks
visible_hostname gateway.localdomain
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I am using ipfw to create my NAT, I don't know if that matters, but here are my config files for that as well:

> cat /etc/rc.firewall |grep -v ^#

ipfw -f flush
ipfw pipe 10 config bw 12KBytes/s
ipfw add 50 pipe 10 ip from 10.0.0.2 to any via dc1
ipfw pipe 11 config bw 24KBytes/s
ipfw add 51 pipe 11 ip from 10.0.0.3 to any via dc1
ipfw pipe 12 config bw 12KBytes/s
ipfw add 52 pipe 12 ip from 10.0.0.4 to any via dc1
ipfw pipe 13 config bw 64KBytes/s
ipfw add 53 pipe 13 ip from any to 10.0.0.4 via dc1
ipfw add 200 pass all from any to any via lo0
ipfw add 201 deny ip from any to 127.0.0.0/8
ipfw add 500 divert natd all from any to any via dc0

> cat /etc/natd.conf |grep -v ^#

interface dc0
dynamic
use_sockets
unregistered_only
punch_fw 2000:50
redirect_port tcp 10.0.0.2:20-21 20-21
redirect_port tcp 10.0.0.2:22 22
redirect_port tcp 10.0.0.2:80 80
redirect_port tcp 10.0.0.2:113 113
redirect_port tcp 10.0.0.2:3333 3333
redirect_port tcp 10.0.0.2:2010-2020 2010-2020

Any ideas? TIA.

-- 
Greg Donald
Zend Certified Engineer
http://destiney.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ea9da26c050518092667205bbc>
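The pf rdr rule and squid's http_port in the message above have to agree with each other before any of the rest matters. The script below is an added example, not code from the original message or from the transquid howto: it parses the pf.conf and squid.conf quoted in the post (embedded as constructed sample input, with the quoted-printable damage undone), expands the pf macros, and reports where the rdr target, the matching pass-in rule and squid's listening address or transparent-mode directives disagree. The directive set it treats as required for transparent mode is the one the post's squid.conf uses (httpd_accel_host/port/with_proxy/uses_host_header, squid 2.5 style).

```python
"""Cross-check a pf transparent-proxy ruleset against squid.conf.

Added example, not code from the post or the transquid howto.  Reads the
two configs as text and reports mismatches between what pf redirects to
and what squid listens on.
"""
import re

# Constructed sample input: the pf.conf and squid.conf quoted in the post.
PF_CONF = """\
ext_if="dc0" # replace with actual external interface name i.e., dc0
int_if="dc1" # replace with actual internal interface name i.e., dc1
internal_net="10.0.0.1/8"
external_addr="24.159.59.97"
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
"""

SQUID_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8
http_port 127.0.0.1:3128
http_access deny to_localhost
http_access allow our_networks
visible_hostname gateway.localdomain
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
"""

# squid 2.5 transparent (accelerator) mode: the four directives the howto's
# configuration relies on, with the values it expects.
REQUIRED_ACCEL = {
    "httpd_accel_host": "virtual",
    "httpd_accel_port": "80",
    "httpd_accel_with_proxy": "on",
    "httpd_accel_uses_host_header": "on",
}


def _strip(text):
    """Yield non-empty lines with '#' comments removed."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def expand_pf_macros(text):
    """Return (macros, rules) with every $macro reference substituted."""
    macros, rules = {}, []
    for line in _strip(text):
        m = re.match(r'^(\w+)\s*=\s*"?([^"\s]*)"?$', line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        rules.append(re.sub(r"\$(\w+)",
                            lambda mm: macros.get(mm.group(1), mm.group(0)), line))
    return macros, rules


def find_rdr(rules):
    """First 'rdr on IF ... port P -> TARGET port Q' rule, or None."""
    for r in rules:
        m = re.match(r"^rdr on (\S+) .*?port (\S+) -> (\S+) port (\d+)$", r)
        if m:
            return {"if": m.group(1), "port": m.group(2),
                    "target": m.group(3), "target_port": int(m.group(4))}
    return None


def find_pass_in(rules):
    """All 'pass in on IF ... to DST port P' rules."""
    out = []
    for r in rules:
        m = re.match(r"^pass in on (\S+) .*?\bto (\S+) port (\d+)\b", r)
        if m:
            out.append({"if": m.group(1), "dst": m.group(2), "port": int(m.group(3))})
    return out


def squid_directives(text):
    """Map each squid directive to its value (first occurrence wins)."""
    d = {}
    for line in _strip(text):
        key, _, val = line.partition(" ")
        d.setdefault(key, val.strip())
    return d


def check_transparent_proxy(pf_text, squid_text):
    """Return a list of problems; an empty list means the configs agree."""
    problems = []
    macros, rules = expand_pf_macros(pf_text)
    rdr = find_rdr(rules)
    if rdr is None:
        return ["pf.conf has no rdr rule; nothing is redirected to squid"]
    if macros.get("int_if") and rdr["if"] != macros["int_if"]:
        problems.append("rdr is on %s, not the internal interface %s"
                        % (rdr["if"], macros["int_if"]))
    sq = squid_directives(squid_text)
    m = re.match(r"^(?:(\S+):)?(\d+)$", sq.get("http_port", ""))
    if not m:
        problems.append("squid.conf has no usable http_port")
    else:
        host, port = m.group(1) or "0.0.0.0", int(m.group(2))
        if port != rdr["target_port"] or host not in ("0.0.0.0", rdr["target"]):
            problems.append("rdr sends port %s traffic to %s:%d but squid listens on %s:%d"
                            % (rdr["port"], rdr["target"], rdr["target_port"], host, port))
    if not any(p["if"] == rdr["if"] and p["dst"] == rdr["target"]
               and p["port"] == rdr["target_port"] for p in find_pass_in(rules)):
        problems.append("no 'pass in on %s' rule admits the redirected packets to %s port %d"
                        % (rdr["if"], rdr["target"], rdr["target_port"]))
    for key, want in REQUIRED_ACCEL.items():
        if sq.get(key) != want:
            problems.append("squid.conf: expected '%s %s' for transparent mode, got %r"
                            % (key, want, sq.get(key)))
    return problems


if __name__ == "__main__":
    for p in check_transparent_proxy(PF_CONF, SQUID_CONF) or ["configs agree"]:
        print(p)
```

On the real box, replace the two embedded strings with the contents of /etc/pf.conf and squid.conf. The script only checks that the two files agree with each other; it cannot tell whether pf is actually enabled (`pfctl -e`), whether the rdr rule was loaded (`pfctl -s nat`), or whether squid is bound to the target address, so those remain things to verify by hand on the gateway.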