Date: Fri, 28 Nov 2008 13:29:35 +0800
From: "Kevin Foo" <chflags@gmail.com>
To: freebsd-pf@freebsd.org, freebsd-net@freebsd.org
Subject: Re: if_bridge + pf rdr (bridged inline proxy)
Message-ID: <25cb30811272129h68e50bf4u46b15823b101a3@mail.gmail.com>
In-Reply-To: <kAm%2BF6FIqlw92HA5uRKT2x7vs7I@GLEg3YZ63OFawJwNx8dnTbDEj1s>
References: <25cb30811270426i6b5cc4c2s49030f64d06b0ec8@mail.gmail.com> <kAm%2BF6FIqlw92HA5uRKT2x7vs7I@GLEg3YZ63OFawJwNx8dnTbDEj1s>

Thanks Eygene for the reply. It might be but I'm not sure. Is anyone
having the same setting or any info on this?

--
Regards
Kevin Foo

On Thu, Nov 27, 2008 at 10:00 PM, Eygene Ryabinkin <rea-fbsd@codelabs.ru> wrote:
> Kevin, good day.
>
> Thu, Nov 27, 2008 at 08:26:55PM +0800, Kevin Foo wrote:
>> I recently set up a bridge box with inline cache proxy. if_bridge with
>> pf filtering was working perfectly. However, squid-cache listening on
>> loopback device did not get any packets from pf rdr. I have seen
>> successful setups with OpenBSD's bridge spamd which is rather a similar
>> setup. Is something broken on FreeBSD's if_bridge or am I missing some
>> configuration here?
>
> pf can 'rdr' only incoming packets (from 'man pf.conf'):
> -----
> Evaluation order of the translation rules is dependent on the type of the
> translation rules and of the direction of a packet. binat rules are
> always evaluated first. Then either the rdr rules are evaluated on an
> inbound packet or the nat rules on an outbound packet. Rules of the same
> type are evaluated in the same order in which they appear in the ruleset.
> The first matching rule decides what action is taken.
> -----
> So this can be just pf-related. And maybe not, as usual...
> --
> Eygene
>  _                ___         _.--.   #
>  \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
>  /  ' `         ,       __.--'      #  to read the on-line manual
>  )/' _/     \   `-_,   /            #  while single-stepping the kernel.
>  `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
>      _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
>     {_.-``-'         {_/            #
>