From: Leslie Jensen
Date: Tue, 27 Nov 2012 10:13:29 +0100
To: Volodymyr Kostyrko
Subject: Re: Anyone using squid and pf?
Message-ID: <50B48439.40101@eskk.nu>
Cc: freebsd questions list

Volodymyr Kostyrko wrote 2012-11-26 21:50:
>>
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>
>> # redirect www traffic to proxy
>> rdr on $int_if inet proto tcp from $internal_net to any port $proxy_services -> $proxy port 8080
>
> I could be wrong here but I think you have a loop. You are redirecting
> from local interface to local interface i.e. the result of redirect is
> still subject for redirect. Could you try one of the following:
>
> 1. Make this a `rdr in on $int_if`.
>
> 2. Make this a `rdr pass ... -> 127.0.0.1 port 8080`. I prefer this way
> so port for transparent forwarding is unreachable except when explicitly
> redirecting to it.
>
> Personally I never allow such ambiguity in my configs.
>

Thanks!
I'll try it out. I need to wait until tonight, the machine is in use at the moment.

#1 I see your point.

#2 this rule is for intended ftp traffic. That's why I'm sending to another port number.

/Leslie