Date: Thu, 4 May 2006 08:33:16 +0300
From: "Huzeyfe Onal" <huzeyfe.onal@gmail.com>
To: "Aguiar Magalhaes" <magalhj@yahoo.com.br>
Cc: freebsd-pf@freebsd.org
Subject: Re: Something is wrong
Message-ID: <ffa9ac690605032233s16ede5ddk243ce7ca86c4ff@mail.gmail.com>
In-Reply-To: <20060504034002.20589.qmail@web31609.mail.mud.yahoo.com>
References: <20060504034002.20589.qmail@web31609.mail.mud.yahoo.com>

Hi,

does lan_to_int include port 19336 or 8081?

On 5/4/06, Aguiar Magalhaes <magalhj@yahoo.com.br> wrote:
> List,
>
> I have a lot of Windows Internet Explorer browsers in the
> LAN and they are marked to use the proxy at port 3128.
>
> The pf and squid are on the same machine. I'm not
> using transparent proxy on pf. I don't have any
> redirections to the proxy.
>
> Some applications in intranet pages use ports like
> 19336 or 8081 and they don't support the proxy.
>
> I need to tell pf not to send the packages to the
> proxy if the users are accessing those applications'
> pages, but I'm not having success.
>
> My firewall has only two NICs: $int_if and $ext_if
>
> Could you help me? Thanks, Aguiar
>
> The rules are:
>
> - - - - - - - -
> internal_net = "172.16.0.0/12"
> fw_ip_int = "172.16.0.9"
> fw_ip_ext = "200.x.x.x"
> lan_to_int = "{ 25 123 ... etc }
>
> set optimization aggressive
> scrub in all
> nat on $ext_if from $internal_net to any -> $fw_ip_ext
> rdr on $int_if proto tcp from $internal_net to any port 21 -> 127.0.0.1 port 8081
> pass quick on lo0 all
> antispoof for $ext_if inet
>
> block log all
> pass in on $int_if inet proto tcp from $internal_net to 127.0.0.1 port 8081 keep state
> pass in on $int_if inet proto tcp from $internal_net to { $fw_ip_int $fw_ip_ext } port 3128 keep state
> pass in on $int_if inet proto udp from $internal_net to any port 53 keep state
> pass in on $int_if inet proto tcp from $internal_net to any port $lan_to_int keep state
>
> # Access permitted out of the proxy (not is ok...)
> pass inet proto tcp from { 172.16.1.16 172.16.1.165 172.16.1.203 } to 201.x.x.x port { 80 3128 8081 } keep state
>
> pass out from $fw_ip_ext to any keep state
> - - - - - - - - - - - -

--
Huzeyfe ÖNAL
---
First Turkish Qmail book is out! Go check it.
Have you heard! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/