From: Tomas Quintero
To: Greg Donald
Cc: freebsd-questions@freebsd.org
Date: Wed, 18 May 2005 12:59:27 -0400
Subject: Re: pf + squid

On 5/18/05, Greg Donald wrote:
> I am following this howto:
> http://www.benzedrine.cx/transquid.html
>
> I added pf and pflog to my kernel. After rebooting I did chgrp squid
> /dev/pf and chmod g+rw /dev/pf. I also restarted squid several times.
> When I try to access a remote web server it times out. I'm not
> getting any errors in /var/log/pflog or /var/log/messages.
>
> My config files look like this:
>
> > cat /etc/pf.conf |grep -v ^#
>
> ext_if="dc0" # replace with actual external interface name i.e., dc0
> int_if="dc1" # replace with actual internal interface name i.e., dc1
> internal_net="10.0.0.1/8"
> external_addr="24.159.59.97"
>
> rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> pass out on $ext_if inet proto tcp from any to any port www keep state
>
> > cat /usr/local/etc/squid/squid.conf |grep -v ^#
> acl all src 0.0.0.0/0.0.0.0
> acl our_networks src 10.0.0.0/8
> acl to_localhost dst 127.0.0.0/8
> http_port 127.0.0.1:3128
> http_access deny to_localhost
> http_access allow our_networks
> visible_hostname gateway.localdomain
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> I am using ipfw to create my NAT, I don't know if that matters, but
> here are my config files for that as well:
>
> > cat /etc/rc.firewall |grep -v ^#
>
> ipfw -f flush
>
> ipfw pipe 10 config bw 12KBytes/s
> ipfw add 50 pipe 10 ip from 10.0.0.2 to any via dc1
>
> ipfw pipe 11 config bw 24KBytes/s
> ipfw add 51 pipe 11 ip from 10.0.0.3 to any via dc1
>
> ipfw pipe 12 config bw 12KBytes/s
> ipfw add 52 pipe 12 ip from 10.0.0.4 to any via dc1
> ipfw pipe 13 config bw 64KBytes/s
> ipfw add 53 pipe 13 ip from any to 10.0.0.4 via dc1
>
> ipfw add 200 pass all from any to any via lo0
> ipfw add 201 deny ip from any to 127.0.0.0/8
>
> ipfw add 500 divert natd all from any to any via dc0
>
> > cat /etc/natd.conf |grep -v ^#
> interface dc0
> dynamic
> use_sockets
> unregistered_only
> punch_fw 2000:50
> redirect_port tcp 10.0.0.2:20-21 20-21
> redirect_port tcp 10.0.0.2:22 22
> redirect_port tcp 10.0.0.2:80 80
> redirect_port tcp 10.0.0.2:113 113
>
> redirect_port tcp 10.0.0.2:3333 3333
> redirect_port tcp 10.0.0.2:2010-2020 2010-2020
>
> Any ideas? TIA.
>
> --
> Greg Donald
> Zend Certified Engineer
> http://destiney.com/
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Why are you using IPFW and PF?

--
-Tomas Quintero
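As an added example (not part of the thread and not from the benzedrine howto), a Python cross-check over pf.conf and squid.conf excerpts constructed from the ones Greg quoted: it confirms that each pf rdr target is a socket squid listens on, that the redirected LAN is covered by an allowed squid src acl, and that the Squid 2.5 transparent-mode directives are present. The excerpts and the check_transparent_proxy function are constructions for this page.

```python
import ipaddress
import re

# Constructed excerpts modelled on the pf.conf and squid.conf quoted in the thread.
PF_CONF = """\
internal_net="10.0.0.1/8"
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
"""
SQUID_CONF = """\
acl our_networks src 10.0.0.0/8
http_port 127.0.0.1:3128
http_access allow our_networks
httpd_accel_host virtual
httpd_accel_with_proxy on
"""
MACRO_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"', re.M)
RDR_RE = re.compile(r"^rdr\s.*->\s*(\S+)\s+port\s+(\d+)", re.M)

def check_transparent_proxy(pf_conf, squid_conf):
    """Return a list of mismatches between pf's rdr rules and squid; empty means all checks passed."""
    findings = []
    macros = dict(MACRO_RE.findall(pf_conf))
    # 1. Every rdr target must be an address:port squid actually listens on.
    listeners = set()
    for m in re.finditer(r"^http_port\s+(\S+)", squid_conf, re.M):
        host, _, port = m.group(1).rpartition(":")
        listeners.add((host or "0.0.0.0", port))
    for host, port in RDR_RE.findall(pf_conf):
        if (host, port) not in listeners and ("0.0.0.0", port) not in listeners:
            findings.append(f"rdr targets {host}:{port} but squid has no http_port there")
    # 2. squid's http_access still sees the original client address, so the
    #    LAN that pf redirects must be covered by an allowed 'src' acl.
    acl_nets, allowed = {}, []
    for name, net in re.findall(r"^acl\s+(\S+)\s+src\s+(\S+)", squid_conf, re.M):
        acl_nets.setdefault(name, []).append(ipaddress.ip_network(net, strict=False))
    for name in re.findall(r"^http_access\s+allow\s+(\S+)", squid_conf, re.M):
        allowed.extend(acl_nets.get(name, []))
    lan = macros.get("internal_net")
    if lan:
        lan_net = ipaddress.ip_network(lan, strict=False)
        if str(lan_net) != lan:  # e.g. 10.0.0.1/8 has host bits set
            findings.append(f"internal_net {lan} is not canonical; it covers {lan_net}")
        if not any(lan_net.subnet_of(a) for a in allowed):
            findings.append(f"squid http_access does not allow {lan_net}")
    # 3. Squid 2.5 transparent mode needs the httpd_accel directives from the howto.
    for directive in ("httpd_accel_host virtual", "httpd_accel_with_proxy on"):
        if directive not in squid_conf:
            findings.append(f"squid.conf lacks '{directive}' (needed for transparent mode)")
    return findings
```

Run against the excerpts above, the only finding is the non-canonical internal_net value; it is unused by the rdr rule quoted in the thread, so it does not explain the timeout, but the other two checks are where a mismatch would silently black-hole port 80 traffic.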