Date: Mon, 23 Jun 2008 22:11:54 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: PF and SQUID
Message-ID: <200806232211.54560.max@love2party.net>
In-Reply-To: <5855700c0806230850r2df3d656of675ca4e0e307a51@mail.gmail.com>
References: <5855700c0806230850r2df3d656of675ca4e0e307a51@mail.gmail.com>

On Monday 23 June 2008 17:50:47 Miguel Alcántara wrote:
> Hi everybody, I'm having a problem for a week. I have to setup PF +
> SQUID in a P2 machine, with 128RAM and 6GB hard disk and just one nic.
> I virtualized an interface with an ip 192.168.1.80 and it has squid,
> the nic has 192.168.1.60 and all the lan is 192.168.1.0/24.
>
> My problem is that I can't browse some sites that must be permitted.
>
> pf.conf
>
> #rules for firewall
> ext_nic = "dc0"
> yo = "192.168.1.0/24"
>
> table <dns_cautivo> {208.67.220.220, 208.67.222.222}
> #SQUID CONFIGURATION
> rdr pass on $ext_nic inet proto tcp from $yo to any port www -> 192.168.1.80 port 3128
> nat on $ext_nic from $yo to any -> ($ext_nic)
> #FILTER
> block all
> #pass in on $ext_nic from $yo
> pass out on $ext_nic from any to <dns_cautivo>

With these rules there is no way for your squid to talk to the rest of the
world.  You have to allow it *somehow*[tm] to connect to the outside.
From the above, I kind of doubt that you really understand what you are
doing - or are severely suffering from the language barrier.  You might
want to try to contact a forum or usergroup in your native language.

> squid.conf

<snip - doesn't matter>

> Well, it doesn't work, when I try to surf in any domain name listed
> above in squid squid sends me a message:
>
> ERROR The requested URL could not be retrieved
> ------------------------------
>
> While trying to retrieve the URL: http://www.yahoo.com/
>
> The following error was encountered:
>
> - * Connection to Failed *
>
> The system returned:
>
> * (1) Operation not permitted*

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
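
Added example, not part of Max Laier's message or the original poster's configuration: the quoted pf.conf with one extra pass rule that gives squid a way out, which is the gap the reply points at. It assumes squid opens its outbound connections from an address configured on dc0 and only needs to reach origin servers on port www.

```conf
# Added example. Macros, table and translation rules are copied from the
# quoted post; the last pass rule is the only addition.
# Assumptions (not from the thread): squid connects out from an address on
# dc0 and only needs origin servers on port www.

ext_nic = "dc0"
yo      = "192.168.1.0/24"

table <dns_cautivo> { 208.67.220.220, 208.67.222.222 }

# Translation rules, as in the post.
rdr pass on $ext_nic inet proto tcp from $yo to any port www -> 192.168.1.80 port 3128
nat on $ext_nic from $yo to any -> ($ext_nic)

# Filter rules. pf applies the last matching rule, so "block all" acts as
# the default and every permitted flow needs its own pass rule after it.
block all

# From the post: the only outbound traffic allowed is to the two resolvers,
# so squid can resolve www.yahoo.com but cannot connect to it.
pass out on $ext_nic from any to <dns_cautivo>

# Added: let squid fetch pages. Outbound filtering sees the source address
# after nat, so match on the interface's own addresses rather than on $yo.
# "keep state" is written out because older pf versions do not imply it.
pass out on $ext_nic inet proto tcp from ($ext_nic) to any port www keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.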