Date: Tue, 27 Nov 2012 17:34:47 +0000
From: Doug Sampson <dougs@dawnsign.com>
To: freebsd questions list <freebsd-questions@freebsd.org>
Subject: RE: Anyone using squid and pf?
Message-ID: <E6B2517F8D6DBF4CABB8F38ACA367E782A5D6ABC@Draco.dawnsign.com>
In-Reply-To: <50B3B788.6040801@eskk.nu>
References: <50B0EA28.7060904@eskk.nu> <50B338B2.3090600@gmail.com> <50B3B788.6040801@eskk.nu>

[...]
> Rules from pf.conf
>
> --------------------------------------------
> # macros
> ext_if="xl0"
> int_if="bge0"
>
> tcp_services="{ 22, 993, 5910:5917 }"
> tcp_priv_services="{ 389, 443 }"
> proxy_services = "{ 21, 80 }"
> icmp_types="{ echoreq unreach squench timex }"
> internal_net = "172.18.0.0/16"
> proxy = "172.18.0.1"
> proxyport="8021"
^ No whitespace here
>
> # tables
> table <goodguys> persist
> table <sshguard> persist
>
> # options
> set block-policy return # ports are closed but can be seen
> set loginterface $ext_if
>
> set skip on lo0
>
> # scrub
> scrub in
>
> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>
> # redirect www traffic to proxy
> rdr on $int_if inet proto tcp from $internal_net to any port
> $proxy_services -> $proxy port 8080
^ Whitespace here. Maybe that's the issue here?
> # ext_if IP address could be dynamic, hence ($ext_if)
> nat on $ext_if from !($ext_if) to any -> ($ext_if)
[...]