From owner-freebsd-questions@FreeBSD.ORG Fri Mar 30 09:44:58 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 33D6416A401 for ; Fri, 30 Mar 2007 09:44:58 +0000 (UTC) (envelope-from heccjj1@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.229]) by mx1.freebsd.org (Postfix) with ESMTP id EAAD313C480 for ; Fri, 30 Mar 2007 09:44:57 +0000 (UTC) (envelope-from heccjj1@gmail.com) Received: by wr-out-0506.google.com with SMTP id 70so548822wra for ; Fri, 30 Mar 2007 02:44:57 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=s5GcQB3eDr2Bki7/O7yb0VcUcGYID6PxXO5Bar7UX6jEd5l98K9haFY6dS19xLHv8+6Ysrv6gM/dfshEc2l5aM0C0NopmHeeuFebYDTouJsCwcNvzO1jF7En65FJ3cBsHWXkrJB1aXzAKxI1llbXXe6giRG6yQbbsWO7v6G3UG0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=k0trkes3GRUvtkAG2L37Xi5zC4J3HW8Ma4o51uKF232wbq6LLUOA5GhBkDamh4aivfSddqNldLLChfIqK1FxSJ+PgX8rglMthpAV+awZnTMjCHhuIy5lX468F9Xojm8xJcaKxK2oRGniAxsTZzaKIQEhlTpa4GIvydM8RrwWupk= Received: by 10.114.254.1 with SMTP id b1mr666550wai.1175246402517; Fri, 30 Mar 2007 02:20:02 -0700 (PDT) Received: by 10.114.254.8 with HTTP; Fri, 30 Mar 2007 02:20:02 -0700 (PDT) Message-ID: <6f9d8a50703300220p15705167h72e6491e3c1790da@mail.gmail.com> Date: Fri, 30 Mar 2007 17:20:02 +0800 From: "he ccjj" To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: freebsd + squid + pf problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Mar 2007 09:44:58 -0000 I use freebsd + squid + pf to setup a transprarent proxy box. my /etc/pf.conf: ext_if="{fxp0}" int_if="{em0}" int_net="{192.168.100.254/16}" icmp_types="echoreq" set block-policy return set optimization aggressive set skip on lo0 scrub in nat on $ext_if from $int_net to any -> $ext_if rdr pass on $int_if inet proto tcp from $int_net to any port http -> 127.0.0.1 port 8080 antispoof quick for $ext_if inet pass in on $ext_if keep state pass out on $ext_if keep state pass in on $int_if keep state pass out on $int_if keep state main parts of my /usr/local/etc/squid/squid.conf: http_port localhost:8080 transparent visible_hostname proxy acl all src 0.0.0.0/0.0.0.0 ...... http_access allow all http_reply_access allow all icp_access allow all miss_access allow all always_direct allow all now I restart pf and squid, I can visit web site from clients.But I can't use some p2p program, like pplive(http://www.pplive.com/en/index.html). Why? my squid version is 2.6, I tested under freebsd 6.1 and 6.2 (all after portsnap fetch update and portupgrade -arR).