Date: Tue, 27 Nov 2012 10:13:29 +0100
From: Leslie Jensen <leslie@eskk.nu>
To: Volodymyr Kostyrko <c.kworr@gmail.com>
Cc: freebsd questions list <freebsd-questions@freebsd.org>
Subject: Re: Anyone using squid and pf?
Message-ID: <50B48439.40101@eskk.nu>
In-Reply-To: <50B3D603.6050904@gmail.com>
References: <50B0EA28.7060904@eskk.nu> <50B338B2.3090600@gmail.com> <50B3B788.6040801@eskk.nu> <50B3D603.6050904@gmail.com>

Volodymyr Kostyrko wrote 2012-11-26 21:50:
>>
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>
>> # redirect www traffic to proxy
>> rdr on $int_if inet proto tcp from $internal_net to any port $proxy_services -> $proxy port 8080
>
> I could be wrong here but I think you have a loop. You are redirecting
> from local interface to local interface i.e. the result of redirect is
> still subject for redirect. Could you try one of the following:
>
> 1. Make this a `rdr in on $int_if`.
>
> 2. Make this a `rdr pass ... -> 127.0.0.1 port 8080`. I prefer this way
> so port for transparent forwarding is unreachable except when explicitly
> redirecting to it.
>
> Personally I never allow such ambiguity in my configs.
>

Thanks! I'll try it out. I need to wait until tonight, the machine is in
use at the moment.

#1 I see your point.

#2 this rule is for intended ftp traffic. That's why I'm sending to
another port number.

/Leslie