Date:      Thu, 27 Nov 2008 17:00:15 +0300
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        Kevin Foo <chflags@gmail.com>
Cc:        freebsd-net@freebsd.org, freebsd-pf@freebsd.org
Subject:   Re: if_bridge + pf rdr (bridged inline proxy)
Message-ID:  <kAm%2BF6FIqlw92HA5uRKT2x7vs7I@GLEg3YZ63OFawJwNx8dnTbDEj1s>
In-Reply-To: <25cb30811270426i6b5cc4c2s49030f64d06b0ec8@mail.gmail.com>
References:  <25cb30811270426i6b5cc4c2s49030f64d06b0ec8@mail.gmail.com>


Kevin, good day.

Thu, Nov 27, 2008 at 08:26:55PM +0800, Kevin Foo wrote:
> I recently set up a bridge box with inline cache proxy. if_bridge with
> pf filtering was working perfectly. However, squid-cache listening on
> loopback device did not get any packets from pf rdr. I have seen
> successful setups with OpenBSD's bridge spamd which is rather a similar
> setup. Is something broken on FreeBSD's if_bridge or am I missing some
> configuration here?

pf can 'rdr' only incoming packets (from 'man pf.conf'):
-----
     Evaluation order of the translation rules is dependent on the type of the
     translation rules and of the direction of a packet.  binat rules are
     always evaluated first.  Then either the rdr rules are evaluated on an
     inbound packet or the nat rules on an outbound packet.  Rules of the same
     type are evaluated in the same order in which they appear in the ruleset.
     The first matching rule decides what action is taken.
-----
So this can be just pf-related.  And maybe not, as usual...
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
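
Added example, not part of the original message: a simplified Python model of the translation-rule evaluation order quoted from pf.conf(5) above, showing why an rdr rule never applies to a packet that pf sees as outbound. The rule fields, interface names (em0, em1) and addresses are constructed assumptions, and real pf matches on far more than this model does.

```python
# Simplified model of the pf.conf translation-rule ordering quoted above.
# Rule fields, interface names and addresses are constructed for illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the interface pf sees it on
    iface: str
    proto: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    kind: str                # "binat", "rdr" or "nat"
    iface: str
    proto: str
    dst_port: Optional[int]  # None matches any port
    target: str

    def matches(self, pkt: Packet) -> bool:
        return (self.iface == pkt.iface and self.proto == pkt.proto
                and self.dst_port in (None, pkt.dst_port))


def select_translation(ruleset, pkt):
    """Return the first translation rule that applies to pkt, or None."""
    # binat rules are always evaluated first, whatever the direction.
    # After that, rdr is considered only inbound and nat only outbound.
    directional = "rdr" if pkt.direction == "in" else "nat"
    for kind in ("binat", directional):
        for rule in ruleset:          # ruleset order is preserved per type
            if rule.kind == kind and rule.matches(pkt):
                return rule           # first matching rule decides
    return None


# Constructed ruleset: redirect web traffic arriving on em0 to a local proxy.
RULESET = [
    Rule("nat", "em1", "tcp", None, "(em1)"),
    Rule("rdr", "em0", "tcp", 80, "127.0.0.1:3128"),
    Rule("rdr", "em0", "tcp", 80, "127.0.0.1:8080"),  # shadowed by the rule above
]


def demo():
    inbound = Packet("in", "em0", "tcp", 80)
    outbound = Packet("out", "em0", "tcp", 80)
    return select_translation(RULESET, inbound), select_translation(RULESET, outbound)
```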
