From: Leslie Jensen
Date: Sun, 16 Dec 2012 08:46:30 +0100
To: Damien Fleuriot
Subject: Re: Anyone using squid and pf?
Message-ID: <50CD7C56.1000303@eskk.nu>
References: <50B0EA28.7060904@eskk.nu> <50B338B2.3090600@gmail.com> <50B3B788.6040801@eskk.nu> <50B3D603.6050904@gmail.com> <50B52A1A.6070103@eskk.nu>
Cc: freebsd questions list

Damien Fleuriot wrote 2012-11-29 00:28:
>
> # 1/ redirect web traffic to the proxy $proxy on port $proxyport
> rdr in on $int_if inet proto tcp from !$proxy to any port 80 -> $proxy port $proxyport tag rdr_proxy
>
> # 2/ redirect FTP traffic to the ftp-proxy running on the local machine on port 8021
> rdr in on $int_if inet proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021 tag rdr_ftp
>
> # 3/ access rule to allow traffic from the local net to your proxy
> pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_proxy
>
> # 4/ access rule to allow traffic from the local net to your FTP proxy
> pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_ftp
>
> # 5/ access rule to allow your proxy to do whatever it wants in a very limited fashion
> pass in quick on $int_if inet proto tcp from $proxy to any port { 80 443 } flags S/SAFR
>

Hello Damien

I'm concentrating on getting the web traffic to work first. I've changed rule #1 as you can see below but pf returns a syntax error.

# redirect www traffic to proxy
rdr in on $int_if inet proto tcp from !$proxy to any port $proxy_services -> $proxy $proxyport tag rdr_proxy

My variables are:

proxy = "172.18.0.1"
proxy_services = "{ 21, 80 }"
proxyport="8080"

Am I supposed to add rule #5 as well or is it a suggestion?

Thanks
/Leslie
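The same ruleset in a form pfctl accepts, as an added example that is not from either poster: pf's redirect target is written "address port number", so the keyword port must precede $proxyport; the interface name em1 for $int_if and a default-deny policy are assumptions, and port 21 stays with the ftp-proxy as in rule #2.

```pf
# Constructed example, not the configuration posted to the list.
# $int_if is assumed to be em1; the other values are those quoted in the thread.
int_if         = "em1"
proxy          = "172.18.0.1"
proxyport      = "8080"
proxy_services = "{ 80 }"     # HTTP only: FTP is handed to ftp-proxy below

# 1/ web traffic from the LAN (except the proxy itself) to the proxy.
#    The target is "$proxy port $proxyport"; leaving out the word "port"
#    before the port number is what makes pfctl report a syntax error.
rdr in on $int_if inet proto tcp from !$proxy to any port $proxy_services \
    -> $proxy port $proxyport tag rdr_proxy

# 2/ FTP control connections to the ftp-proxy on the firewall itself
rdr in on $int_if inet proto tcp from $int_if:network to any port 21 \
    -> 127.0.0.1 port 8021 tag rdr_ftp

# 3/ and 4/ admit only the connections that were actually redirected
pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_proxy
pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_ftp

# 5/ the proxy's own outbound HTTP/HTTPS enters on $int_if too; with a
#    default-deny policy (assumed) this is the only path it gets, so
#    hosts on the LAN cannot reach the web except through the proxy
pass in quick on $int_if inet proto tcp from $proxy to any port { 80, 443 } flags S/SAFR
```

Run pfctl -nf /etc/pf.conf to parse the file without loading it; a missing keyword shows up there as a syntax error with the offending line number.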