Date: Tue, 10 Jun 2008 11:56:22 +0800
From: "Granzon Li" <granzon.li@gmail.com>
To: freebsd-pf@freebsd.org
Subject: pf with bridge
Message-ID: <54b5397b0806092056y187d44d0nc054f9c9673d474c@mail.gmail.com>

Hi all!

I would like to build a transparent proxy with pf+squid3.0, in bridge mode. But it seems that I can't make pf and bridge work properly.

Here is my environment:

    myLan -> FreeBSD (pf+squid3.0) -> gateway -> Internet

I just followed the steps for building the bridge which were described in the handbook, using these commands:

    # ifconfig bridge create
    # ifconfig bridge0 addm fxp0 addm fxp1 up
    # ifconfig fxp0 up
    # ifconfig fxp1 up

But I can't ping the Internet without an IP, so I tried:

    # ifconfig fxp0 192.168.1.5/24
    # route add default 192.168.1.1    (my gateway's IP)

After that, I can ping the Internet in myLan, so I think my bridge can work!

Then I added these to my pf.conf:

    int_if="fxp0"
    ext_if="fxp1"
    rdr pass on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128    (my squid)
    pass in all
    pass out all

But the myLan PCs can't surf web pages using my proxy. And when I turn off pf, the myLan PCs can surf again!

Using pfctl -ss, I can see:

    self tcp 127.0.0.1:3128<-x.x.x.x:80-<

But I can't see any requests in my squid, so I made some tests:

    rdr pass on $int_if inet proto tcp from any to any port www -> www.google.com port 80

It works!

    rdr pass on $int_if inet proto tcp from any to any port www -> 192.168.1.121 port 80

(I just built an Apache on one of my LAN PCs.) It didn't work.

So I guess maybe there is something wrong with my pf and bridge. Does anybody know what the problem is? Any idea will be appreciated, thanks!