Date: Tue, 27 Nov 2012 17:34:47 +0000 From: Doug Sampson <dougs@dawnsign.com> To: freebsd questions list <freebsd-questions@freebsd.org> Subject: RE: Anyone using squid and pf? Message-ID: <E6B2517F8D6DBF4CABB8F38ACA367E782A5D6ABC@Draco.dawnsign.com> In-Reply-To: <50B3B788.6040801@eskk.nu> References: <50B0EA28.7060904@eskk.nu> <50B338B2.3090600@gmail.com> <50B3B788.6040801@eskk.nu>
index | next in thread | previous in thread | raw e-mail
[...]
> Rules from pf.conf
>
> --------------------------------------------
> # macros
> ext_if="xl0"
> int_if="bge0"
>
> tcp_services="{ 22, 993, 5910:5917 }"
> tcp_priv_services="{ 389, 443 }"
> proxy_services = "{ 21, 80 }"
> icmp_types="{ echoreq unreach squench timex }"
> internal_net = "172.18.0.0/16"
> proxy = "172.18.0.1"
> proxyport="8021"
^
No whitespace here
>
> # tables
> table <goodguys> persist
> table <sshguard> persist
>
> # options
> set block-policy return # ports are closed but can be seen
> set loginterface $ext_if
>
> set skip on lo0
>
> # scrub
> scrub in
>
> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>
> # redirect www trafic to proxy
> rdr on $int_if inet proto tcp from $internal_net to any port
> $proxy_services -> $proxy port 8080
^
Whitespace here. Maybe that's the issue here?
> # ext_if IP address could be dynamic, hence ($ext_if)
> nat on $ext_if from !($ext_if) to any -> ($ext_if)
[...]
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E6B2517F8D6DBF4CABB8F38ACA367E782A5D6ABC>