Date: Tue, 27 Nov 2012 18:52:10 +0100
From: Fleuriot Damien <ml@my.gd>
To: Doug Sampson <dougs@dawnsign.com>
Cc: freebsd questions list <freebsd-questions@freebsd.org>
Subject: Re: Anyone using squid and pf?
Message-ID: <AEB48EC3-2BED-4306-AB02-D695D1213DA8@my.gd>
In-Reply-To: <E6B2517F8D6DBF4CABB8F38ACA367E782A5D6ABC@Draco.dawnsign.com>
References: <50B0EA28.7060904@eskk.nu> <50B338B2.3090600@gmail.com> <50B3B788.6040801@eskk.nu> <E6B2517F8D6DBF4CABB8F38ACA367E782A5D6ABC@Draco.dawnsign.com>

On Nov 27, 2012, at 6:34 PM, Doug Sampson <dougs@dawnsign.com> wrote:
> [...]
>
>> Rules from pf.conf
>>
>> --------------------------------------------
>> # macros
>> ext_if="xl0"
>> int_if="bge0"
>>
>> tcp_services="{ 22, 993, 5910:5917 }"
>> tcp_priv_services="{ 389, 443 }"
>> proxy_services = "{ 21, 80 }"
>> icmp_types="{ echoreq unreach squench timex }"
>> internal_net = "172.18.0.0/16"
>> proxy = "172.18.0.1"
>> proxyport="8021"
> ^
> No whitespace here
>
>>
>> # tables
>> table <goodguys> persist
>> table <sshguard> persist
>>
>> # options
>> set block-policy return # ports are closed but can be seen
>> set loginterface $ext_if
>>
>> set skip on lo0
>>
>> # scrub
>> scrub in
>>
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>
>> # redirect www traffic to proxy
>> rdr on $int_if inet proto tcp from $internal_net to any port
>> $proxy_services -> $proxy port 8080
> ^
> Whitespace here. Maybe that's the issue here?
>
Erm, working as intended, Doug.
He's redirecting from his internal net to any port defined as proxiable, to his $proxy machine on port 8080.
Looks good to me.
>> # ext_if IP address could be dynamic, hence ($ext_if)
>> nat on $ext_if from !($ext_if) to any -> ($ext_if)
>
> [...]
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
