Date: Fri, 28 Nov 2008 13:29:35 +0800
From: "Kevin Foo" <chflags@gmail.com>
To: freebsd-pf@freebsd.org, freebsd-net@freebsd.org
Subject: Re: if_bridge + pf rdr (bridged inline proxy)
Message-ID: <25cb30811272129h68e50bf4u46b15823b101a3@mail.gmail.com>
In-Reply-To: <kAm%2BF6FIqlw92HA5uRKT2x7vs7I@GLEg3YZ63OFawJwNx8dnTbDEj1s>
References: <25cb30811270426i6b5cc4c2s49030f64d06b0ec8@mail.gmail.com> <kAm%2BF6FIqlw92HA5uRKT2x7vs7I@GLEg3YZ63OFawJwNx8dnTbDEj1s>

Thanks, Eygene, for the reply. It might be, but I'm not sure. Does anyone
have the same setting or any info on this?
--
Regards
Kevin Foo
On Thu, Nov 27, 2008 at 10:00 PM, Eygene Ryabinkin <rea-fbsd@codelabs.ru> wrote:
> Kevin, good day.
>
> Thu, Nov 27, 2008 at 08:26:55PM +0800, Kevin Foo wrote:
>> I recently set up a bridge box with inline cache proxy. if_bridge with
>> pf filtering was working perfectly. However, squid-cache listening on
>> loopback device did not get any packets from pf rdr. I have seen
>> successful setups with OpenBSD's bridge spamd, which is rather a similar
>> setup. Is something broken on FreeBSD's if_bridge or am I missing some
>> configuration here?
>
> pf can 'rdr' only incoming packets (from 'man pf.conf'):
> -----
> Evaluation order of the translation rules is dependent on the type of the
> translation rules and of the direction of a packet. binat rules are
> always evaluated first. Then either the rdr rules are evaluated on an
> inbound packet or the nat rules on an outbound packet. Rules of the same
> type are evaluated in the same order in which they appear in the ruleset.
> The first matching rule decides what action is taken.
> -----
> So this can be just pf-related. And maybe not, as usual...
> --
> Eygene
> Remember that it is hard to read the on-line manual
> while single-stepping the kernel.
> -- FreeBSD Developers handbook
>
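
The evaluation order quoted from pf.conf(5) in the message above, modelled in Python as an added example that is not part of the original thread and is not pf's own code. The rule fields, interface names (em0, em1) and labels are assumptions made for illustration.

```python
# Toy model of the translation-rule evaluation order quoted from pf.conf(5).
# Rule and packet fields are simplified assumptions; this is not pf's code.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet is seen on
    direction: str  # "in" or "out" relative to that interface
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    kind: str                    # "binat", "rdr" or "nat"
    iface: str
    proto: str
    dport: Optional[int] = None  # None matches any destination port
    label: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (self.iface == pkt.iface and self.proto == pkt.proto
                and self.dport in (None, pkt.dport))

def select_translation(ruleset, pkt):
    """Return the rule that decides translation for pkt, or None."""
    # binat rules are always evaluated first; then rdr for an inbound
    # packet or nat for an outbound one.
    second = "rdr" if pkt.direction == "in" else "nat"
    for kind in ("binat", second):
        for rule in ruleset:               # ruleset order within one type
            if rule.kind == kind and rule.matches(pkt):
                return rule                # first matching rule decides
    return None

# Constructed ruleset: interface names and ports are placeholders.
RULESET = [
    Rule("rdr", "em0", "tcp", 80, "to-proxy"),
    Rule("rdr", "em0", "tcp", None, "catch-all"),
    Rule("nat", "em1", "tcp", None, "masq"),
    Rule("binat", "em1", "tcp", None, "mail"),
]

if __name__ == "__main__":
    for pkt in (Packet("em0", "in", "tcp", 80),    # inbound: rdr considered
                Packet("em0", "out", "tcp", 80),   # outbound: rdr skipped
                Packet("em1", "out", "tcp", 25)):  # binat beats earlier nat
        hit = select_translation(RULESET, pkt)
        print(pkt, "->", hit.label if hit else "no translation")
```
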
