From: atar
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: Gary Palmer, "freebsd-pf@freebsd.org"
Subject: Re: Filter connections based on the hostname.
Date: Thu, 16 Jun 2016 14:38:41 +0300
In-Reply-To: <57625D52.1030607@quip.cz>
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

> atar wrote on 06/16/2016 09:15:
>
> [...]
>
>>> www.google.com DNS TTLs are 5 minutes so you shouldn't have to worry
>>> about the IP changing in less than a minute UNLESS your PF firewall
>>> and your browser use different DNS servers and could therefore get
>>> different answers
>>>
>>> Regards,
>>>
>>> Gary
>>
>> Can you give me any hint how to cause PF to redirect all the traffic through the squid proxy? I'm pretty new to them both (PF and squid).
>
> You can find basic config here
> http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
>
> Squid can be installed from ports / packages
> http://www.freshports.org/www/squid/
>
> Miroslav Lachman

Hi and thanks for your willingness to help.

Unfortunately, I didn't succeed in redirecting the network traffic through the squid server. I've put the following line in my pf.conf:

rdr pass inet proto tcp from any to any -> 127.0.0.1 port 3128

since the squid server is listening on port 3128, but the traffic isn't going through it.

I've also verified that no traffic is redirected to port 3128 by running the command: nc -l 3128.

I've no idea what is wrong here.