From: Max Laier
To: freebsd-pf@freebsd.org
Date: Mon, 23 Jun 2008 22:11:54 +0200
Subject: Re: PF and SQUID

On Monday 23 June 2008 17:50:47 Miguel Alcántara wrote:
> Hi everybody, I'm having a problem for a week. I have to setup PF +
> SQUID in a P2 machine, with 128RAM and 6GB hard disk and just one nic.
> I virtualized an interface with an ip 192.168.1.80 and it has squid,
> the nic has 192.168.1.60 and all the lan is 192.168.1.0/24.
>
> My problem is that I can't browse some sites that must be permitted.
>
> pf.conf
>
> #rules for firewall
> ext_nic = "dc0"
> yo = "192.168.1.0/24"
>
> table {208.67.220.220, 208.67.222.222}
> #SQUID CONFIGURATION
> rdr pass on $ext_nic inet proto tcp from $yo to any port www -> 192.168.1.80 port 3128
> nat on $ext_nic from $yo to any -> ($ext_nic)
> #FILTER
> block all
> #pass in on $ext_nic from $yo
> pass out on $ext_nic from any to

With these rules there is no way for your squid to talk to the rest of the
world.  You have to allow it *somehow*[tm] to connect to the outside.
From the above, I kind of doubt that you really understand what you are
doing - or are severely suffering from the language barrier.  You might
want to try to contact a forum or usergroup in your native language.

> squid.conf
> Well, it doesn't work, when I try to surf in any domain name listed
> above in squid, squid sends me a message:
>
> ERROR The requested URL could not be retrieved
> ------------------------------
>
> While trying to retrieve the URL: http://www.yahoo.com/
>
> The following error was encountered:
>
> - * Connection to Failed *
>
> The system returned:
>
> * (1) Operation not permitted*

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
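
Added example, not part of the original thread and not the poster's or the pf project's own configuration: the posted ruleset with one way of letting squid reach origin servers, which is the gap the reply points out. The table name <allowed_dst> is hypothetical (the name is missing from the posted pf.conf), and the port list and the use of pflog are assumptions.

```conf
# Added example. <allowed_dst> is a hypothetical table name; the real name
# was lost from the posted pf.conf.
ext_nic  = "dc0"
yo       = "192.168.1.0/24"
squid_ip = "192.168.1.80"      # alias address squid listens on (from the post)

table <allowed_dst> { 208.67.220.220, 208.67.222.222 }

# Translation rules as posted: port-80 traffic from the LAN is handed to
# squid, other LAN traffic is NATed to the addresses on dc0.
rdr pass on $ext_nic inet proto tcp from $yo to any port www -> $squid_ip port 3128
nat on $ext_nic from $yo to any -> ($ext_nic)

# Default deny. "log" copies every blocked packet to pflog0, so the rule
# that dropped it can be identified (assumes pflog is enabled on the host).
block log all

# As posted: outbound traffic is allowed only to the two table addresses.
pass out on $ext_nic from any to <allowed_dst>

# Added: squid runs on the firewall itself, so its fetches are locally
# generated outbound connections. With only the rule above they hit
# "block all", and connect() fails with errno 1 (Operation not permitted),
# which is the error squid reports. The nat rule rewrites the source to an
# address on dc0 before filtering, hence "from ($ext_nic)".
# The port list is an assumption; restricting which sites are reachable
# then becomes the job of squid's own ACLs.
pass out on $ext_nic inet proto tcp from ($ext_nic) to any port { www, https } keep state

# Checks, run as root:
#   pfctl -nf /etc/pf.conf          parse the file without loading it
#   pfctl -f /etc/pf.conf           load the ruleset
#   pfctl -vsr                      show rules with their packet counters
#   tcpdump -n -e -ttt -i pflog0    watch blocked packets and the rule number
```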