From owner-freebsd-pf@FreeBSD.ORG Fri May 18 00:50:55 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5947916A404 for ; Fri, 18 May 2007 00:50:55 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.226]) by mx1.freebsd.org (Postfix) with ESMTP id 1BE1013C465 for ; Fri, 18 May 2007 00:50:54 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: by nz-out-0506.google.com with SMTP id s1so1218489nze for ; Thu, 17 May 2007 17:50:54 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=UNMLiM9LUgyUolBAN84DyR3cJpf1+ztV9hy9K/Wj5tGGajrrPH+Qk4O9G9BSzRcnTvn0U3x0x4Ebdtu/TenGLZ3BxSPfJCMcETQxN1mzAqcBgRSS2t8JrR/Bi6cOeCbHZvVsOF9FrkNQQDyCSlMfwuo1Chk+1qW4OePSBbMc0y8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=MStrBmeFs1RhwdCMnYyMQ4/C4aNhiGNSVnZQXnPssvPpAgF8EF03PAqDyGnCawqFCvtZxCw4skfafNLlIHLMfxFjhSmWIsv7yaVX/8Awtnyk8+aJlXDp3DLHn4Rplo888lvdUXKnux5ETLDrwVDLWEUh+Zk+wK8qeBuVyAbqgco= Received: by 10.114.169.2 with SMTP id r2mr544138wae.1179447940656; Thu, 17 May 2007 17:25:40 -0700 (PDT) Received: by 10.114.76.12 with HTTP; Thu, 17 May 2007 17:25:35 -0700 (PDT) Message-ID: Date: Thu, 17 May 2007 17:25:35 -0700 From: "Kurt Buff" To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: pf, bridging, transparent proxy, dual gateways? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 May 2007 00:50:55 -0000 All, Wondering if the following scenario at all rational/feasible: [fw-a]------- | | [switch]---[freebsd]---[router]---[many subnets] | | [fw-b]------- Fw-a fronts our current T1, and that ties our other two offices together with IPSec, and is our main inbound mail feed. Fw-b is soon to be installed, and will front a new T1. The lines are not bonded - they come from different vendors. I'd like to forward all individual user traffic (HTTP/FTP/other) out of the second T1, perhaps with the use of Squid/Frox, leaving our intra-corporate traffic to go in/out the current T1, and also email. Am I way off base, or is this worth the effort, and if so, how might I set something like this up? Would it make sense to make squid/frox transparent proxies, or use the virtual IP address? Docs are good - I like to rtfm if I know which m to read. I'm completely new to both pf and squid, but have installed several other apps, including ntop and maia-mailguard, etc., on freebsd, so have some base of knowledge. Thanks, Kurt