From owner-freebsd-pf@FreeBSD.ORG  Sun Jan  2 21:59:31 2011
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9D2F9106566B
	for <freebsd-pf@freebsd.org>; Sun,  2 Jan 2011 21:59:31 +0000 (UTC)
	(envelope-from jay@experts-exchange.com)
Received: from mail.experts-exchange.com (mail.experts-exchange.com
	[72.29.183.251])
	by mx1.freebsd.org (Postfix) with ESMTP id 79FE78FC0C
	for <freebsd-pf@freebsd.org>; Sun,  2 Jan 2011 21:59:31 +0000 (UTC)
Received: from mail.experts-exchange.com (localhost [127.0.0.1])
	by mail.experts-exchange.com (Postfix) with ESMTP id 612AECA74D5;
	Sun,  2 Jan 2011 13:59:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
	experts-exchange.com; h=content-transfer-encoding:content-type
	:content-type:mime-version:user-agent:from:from:subject:subject
	:date:date:references:in-reply-to:message-id:received:received
	:received; s=ee; t=1294005571; x=1295819971; bh=Tx8Slg1iS/TQMsLT
	mf0WfphywTz+TFvrSw3csOzI0Z4=; b=EWPoTdp0XjO6CppjdTSCZKOAN8O9aE4t
	qDX1oEQsrdpLXBXoObj1z9LXqSQHQh+IhUVChjZ7fmUTZph48jR86lLBoRC79uN9
	ywDG0az8kk9qVwQmwRRnAOuNgthw5UdbN2X5Lc4vnd8WLwIjlahxz/E3CUpADJax
	izYFVcZeyo8=
X-Virus-Scanned: amavisd-new at experts-exchange.com
Received: from mail.experts-exchange.com ([127.0.0.1])
	by mail.experts-exchange.com (mail.experts-exchange.com [127.0.0.1])
	(amavisd-new, port 10024)
	with ESMTP id My0vY4UyZTnJ; Sun,  2 Jan 2011 13:59:31 -0800 (PST)
Received: from mail.experts-exchange.com (localhost [127.0.0.1])
	by mail.experts-exchange.com (Postfix) with ESMTP id 21457CA74FA;
	Sun,  2 Jan 2011 13:59:31 -0800 (PST)
Received: from 24.205.246.163 (SquirrelMail authenticated user jay)
	by mail.experts-exchange.com with HTTP;
	Sun, 2 Jan 2011 13:59:31 -0800
Message-ID: <0d256a6f108ee1e15225ef3db09c1763.squirrel@mail.experts-exchange.com>
In-Reply-To: <4D20DD02.2090605@my.gd>
References: <8fb3caa1300a9fcc5c2f23a70ade23a8.squirrel@mail.experts-exchange.com>
	<4D208AE2.6000402@my.gd>
	<3020c1e8b0ecb5e9bacb1033ddea2b3e.squirrel@mail.experts-exchange.com>
	<4D20BAEB.10101@my.gd>
	<5275a39aa1849d38d509a42b627dd4b0.squirrel@mail.experts-exchange.com>
	<4D20DD02.2090605@my.gd>
Date: Sun, 2 Jan 2011 13:59:31 -0800
From: jay@experts-exchange.com
To: "Damien Fleuriot" <ml@my.gd>
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: freebsd-pf@freebsd.org
Subject: Re: transparent proxy
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Jan 2011 21:59:31 -0000

>From studying squid rules, I found the following pf rule set. Does this do
something similar to what I'm after? I tried something like this but it
didn't help.

int_if="gem0"
ext_if="kue0"

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state

http://www.benzedrine.cx/transquid.html

Thanks

> On 1/2/11 9:04 PM, jay@experts-exchange.com wrote:
>> Here I want :
>>
>> nn:nn:nn.nnnnnn IP 127.0.0.1.51791 > 192.168.103.2.80: Flags [S], ack
>> ...
>>
>> int_if="lo0"
>> ext_if="ed0"
>>
>> pass in on $int_if route-to ($int_if 127.0.0.1) from 192.168.103.1 keep
>> state
>>
>> But no good (it's not able to sync) :
>>
>
> How do things go when using synproxy in your pass rule ?
>
> Something like: pass in log on $int_if route-to ($int_if 127.0.0.1) from
> 192.168.103.1 synproxy state
>
>