Date:      Tue, 26 Apr 2011 14:46:05 +0300
From:      Zeus V Panchenko <zeus@ibs.dn.ua>
To:        freebsd-pf@freebsd.org
Subject:   Re: former "transparent proxy traffic queue ..."
Message-ID:  <20110426114605.GC8525@relay.ibs.dn.ua>
In-Reply-To: <20110426085747.GA1204@insomnia.benzedrine.cx>
References:  <20110210155622.GA60117@icarus.home.lan> <20110411054544.GC22812@relay.ibs.dn.ua> <20110411061730.GA26940@insomnia.benzedrine.cx> <20110411080648.GD22812@relay.ibs.dn.ua> <20110411085730.GB26940@insomnia.benzedrine.cx> <20110411152230.GA88862@relay.ibs.dn.ua> <20110415063632.GA14296@insomnia.benzedrine.cx> <20110426074924.GH87913@relay.ibs.dn.ua> <20110426085747.GA1204@insomnia.benzedrine.cx>

now it works,
thank you very much, Daniel!

Daniel Hartmeier (daniel@benzedrine.cx) [11.04.26 11:58] wrote:
> Remember, only the initial (first) packet of a connection causes
> ruleset evaluation, hence rules can be said to apply to the initial
> packets of connections (everything else is covered by states).
could you point me to where it is described, since i didn't meet it in the pf
related man pages pf(4) and pf.conf(5)

> You don't need to think about the packets flowing in reverse at all.
but i was, since my previous firewall was ipfw+dummynet

i am still missing the logic a bit :(
as for the wan interface, i can configure outgoing from wan interface
queue as i understand

pass out on $if_wan inet proto tcp from any to any port http queue wan_http

and it is correct

but as for reverse packets it was logical to my mind, to catch them
outgoing from lan interface to lan ... but the queue directed traffic
is defined by the outgoing from lan request ... 
still a bit weird for me ...

> So, take the initial packet of that connection (the HTTP connection from
> client to proxy, incoming on the LAN interface)
it is the key i was lacking 

thnx again

-- 
Zeus V. Panchenko
IT Dpt., IBS ltd			      	        GMT+2 (EET)
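
An added pf.conf fragment (not part of the original message and not either poster's configuration) illustrating the point discussed above: the queue is chosen by the rule that matches a connection's first packet and is recorded in the state, so replies leaving the LAN interface are queued without an outbound rule of their own. The interface names, bandwidth figures, the $if_lan macro and every queue name except wan_http are assumptions; the syntax is the ALTQ syntax documented in pf.conf(5).

```conf
# Constructed example; interface names and bandwidths are assumptions.
if_wan = "em0"
if_lan = "em1"

# ALTQ only shapes packets leaving an interface, so each interface
# carries its own set of queues.
altq on $if_wan cbq bandwidth 10Mb queue { wan_std, wan_http }
queue wan_std  bandwidth 70% cbq(default)
queue wan_http bandwidth 30% cbq(borrow)

altq on $if_lan cbq bandwidth 100Mb queue { lan_std, lan_http }
queue lan_std  bandwidth 70% cbq(default)
queue lan_http bandwidth 30% cbq(borrow)

# Rule from the message: the first packet of the connection leaves
# through the WAN interface, so packets sent out on $if_wan for this
# state are placed in wan_http.
pass out on $if_wan inet proto tcp from any to any port http queue wan_http

# Traffic flowing back toward LAN clients: match the FIRST packet of
# the connection where it comes IN on the LAN interface. The queue
# name is stored in the state this rule creates. Reply packets going
# OUT on $if_lan belong to that state, skip ruleset evaluation, and
# are placed in lan_http because a queue of that name exists on
# $if_lan. No "pass out on $if_lan" rule for the reverse direction
# is required.
pass in on $if_lan inet proto tcp from $if_lan:network to any port http \
    queue lan_http
```

Loading the fragment with `pfctl -nf` checks the syntax without applying it, and `pfctl -vsq` shows per-queue packet counters once traffic flows.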


