Date: Thu, 27 Nov 2008 17:00:15 +0300
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: Kevin Foo <chflags@gmail.com>
Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: if_bridge + pf rdr (bridged inline proxy)
Message-ID: <kAm%2BF6FIqlw92HA5uRKT2x7vs7I@GLEg3YZ63OFawJwNx8dnTbDEj1s>
In-Reply-To: <25cb30811270426i6b5cc4c2s49030f64d06b0ec8@mail.gmail.com>

Kevin, good day.
Thu, Nov 27, 2008 at 08:26:55PM +0800, Kevin Foo wrote:
> I recently set up a bridge box with inline cache proxy. if_bridge with
> pf filtering was working perfectly. However, squid-cache listening on
> loopback device did not get any packets from pf rdr. I have seen
> successful setups with OpenBSD's bridge spamd which is rather a similar
> setup. Is something broken on FreeBSD's if_bridge or am I missing some
> configuration here?
pf can 'rdr' only incoming packets (from 'man pf.conf'):
-----
Evaluation order of the translation rules is dependent on the type of the
translation rules and of the direction of a packet. binat rules are
always evaluated first. Then either the rdr rules are evaluated on an
inbound packet or the nat rules on an outbound packet. Rules of the same
type are evaluated in the same order in which they appear in the ruleset.
The first matching rule decides what action is taken.
-----
So this can be just pf-related. And maybe not, as usual...
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
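
A simplified model of the evaluation order quoted from pf.conf(5) above, added here as an illustration; it is not part of the original message and is not pf's own code. The interface names em0/em1, the addresses and the proxy port are constructed; the point is that an rdr rule is only a candidate when the packet is seen inbound on the interface the rule names.

```python
# Simplified model of pf translation-rule selection as described in the
# pf.conf(5) excerpt. Constructed for illustration; not pf source code.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str            # "in" or "out", relative to iface
    dst_port: int


@dataclass(frozen=True)
class Rule:
    kind: str                 # "binat", "rdr" or "nat"
    iface: str
    dst_port: Optional[int]   # None matches any port
    target: str

    def matches(self, pkt: Packet) -> bool:
        return self.iface == pkt.iface and self.dst_port in (None, pkt.dst_port)


def select_translation(rules, pkt):
    """Return the translation rule that decides for pkt, or None."""
    # binat rules are always evaluated first, whatever the direction.
    # After that, rdr is tried only on inbound packets, nat only on outbound.
    second = "rdr" if pkt.direction == "in" else "nat"
    for kind in ("binat", second):
        for rule in rules:            # ruleset order within one rule type
            if rule.kind == kind and rule.matches(pkt):
                return rule           # first matching rule decides
    return None


# Constructed ruleset: em0 and em1 stand for two bridge members,
# 127.0.0.1:3128 for a local proxy listener.
RULES = [
    Rule("nat", "em1", None, "192.0.2.1"),
    Rule("rdr", "em0", 80, "127.0.0.1:3128"),
    Rule("rdr", "em1", 80, "127.0.0.1:3128"),
]

if __name__ == "__main__":
    for pkt in (Packet("em0", "in", 80), Packet("em1", "out", 80)):
        hit = select_translation(RULES, pkt)
        print(pkt, "->", (hit.kind, hit.target) if hit else None)
```
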
