From: "Roger Miranda (Digital Relay)"
Organization: Digital Relay Inc.
To: Gergely CZUCZY
Cc: freebsd-pf@freebsd.org
Date: Wed, 6 Dec 2006 09:28:47 -0600
Subject: Re: PF rdr from one port to another

On Wednesday 06 December 2006 09:22, Gergely CZUCZY wrote:
> On Wed, Dec 06, 2006 at 09:16:52AM -0600, Roger Miranda (Digital Relay) wrote:
> > Hey Everyone, First time poster here.
> >
> > I have a FreeBSD 6.1 setup with if_bridge. Two NICs.
> > I am running squid on the bridge itself.
> >
> > I am having some issues doing the routing with PF.
> > I have:
> >
> > rdr on $int_if inet proto tcp from $net to any port www -> $proxy port 3128
>
> is $int_if the internal or the bridged interface?
> what is $proxy?

Sorry about that,

ext_if="em0"
int_if="em1"
bridge_if="bridge0"
net="192.168.0.0/16"
proxy="127.0.0.1"

em0 = 192.168.0.74
em1 = 192.168.0.75

> > pass in log all keep state
> > pass out log all keep state
>
> it'd be wise to specify interfaces also here.
>
> > Now from the workstation I type in "http://slashdot.org" and it see pass
> > through squid, but now it is trying to connect to
> > "http://slashdot.org:3128"
>
> what is "it" that connects to :3128 ?
> 1) it == the client
> 2) it == the squid proxy

It's the proxy trying to redirect it to :3128, I just see that by looking at
tcpdump.

>
> Bye,
>
> Gergely Czuczy
> mailto: gergely.czuczy@harmless.hu