Date: Thu, 16 Jun 2016 16:00:33 +0300
From: atar <atar.yosef@gmail.com>
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: Gary Palmer <gpalmer@freebsd.org>, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject: Re: Filter connections based on the hostname.
Message-ID: <E792E92E-6703-46EE-9A23-C358FDCE72F3@gmail.com>
In-Reply-To: <57629875.1000509@quip.cz>
References: <5858A82C-FB66-4D67-A676-47EABED976CE@gmail.com> <57600481.6080204@quip.cz> <08195C33-DC97-4ADD-9C0A-D9493E2C29F7@gmail.com> <57602DEC.6080201@quip.cz> <969F8F1C-E992-4F47-89F9-759FD8CE2B91@gmail.com> <20160614202243.GA81528@in-addr.com> <545E509D-7851-4D1E-9547-2B20D36DD04E@gmail.com> <57625D52.1030607@quip.cz> <BCE7D6E6-0389-4674-98AF-4D67A6262268@gmail.com> <57629875.1000509@quip.cz>
> atar wrote on 06/16/2016 13:38:
>>> atar wrote on 06/16/2016 09:15:
>
>>>> Can you give me any hint how to cause PF to redirect all the traffic through the squid proxy? I'm pretty new to them both (PF and squid).
>>>
>>> You can find basic config here
>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
>>>
>>> Squid can be installed from ports / packages
>>> http://www.freshports.org/www/squid/
>>>
>>> Miroslav Lachman
>>
>> Hi and thanks for your willingness to help.
>>
>> Unfortunately, I didn't succeed in redirecting the network traffic through the squid server.
>>
>> I've put the following line in my pf.conf:
>>
>> rdr pass inet proto tcp from any to any -> 127.0.0.1 port 3128
>>
>> since the squid server is listening on port 3128, but the traffic isn't going through it.
>>
>> I've also verified that no traffic is redirected to port 3128 by running the command: nc -l 3128.
>>
>> I've no idea what is wrong here.
>
> Are you trying to block traffic originating on the machine with PF and Squid, or is this machine the firewall for a LAN?
>
> I think you need to add port www (or port {80, 443}) to your rdr rule and also specify on which interface you want to do this translation. If you need to filter traffic from your LAN to the outside world you need to specify the LAN interface.
>
> Something like this
>
> rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
>
> pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> pass out on $ext_if inet proto tcp from any to any port www keep state
>
>
> More resources can be found here
>
> http://serverfault.com/questions/490926/freebsd-pf-squid-transparent
> http://www.benzedrine.ch/transquid.html
> https://forums.freebsd.org/threads/10874/
>
> Miroslav Lachman

I'm trying to block traffic originating on the machine with PF and Squid. The FreeBSD machine resides inside a VirtualBox machine, if it matters.

Unfortunately, your suggestion didn't cause it to work...
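The following pf.conf is an added example for this archive page, not code posted by either participant. It puts the rdr/pass rules quoted above into a complete file and separates the two cases Miroslav asks about: the host acting as firewall for a LAN, and traffic that originates on the host itself (atar's situation). The interface names em0/em1, the LAN subnet and the squid user name are assumptions. The rdr-on-lo0 plus route-to pair in the second case is the usual workaround for locally generated traffic, because rdr only matches packets that arrive on an interface and packets created on the host never arrive on $int_if; treat that block as an assumption to be checked against your pf version with `pfctl -nf /etc/pf.conf` before loading it.

```pf
# /etc/pf.conf  (added example; FreeBSD pf "rdr" syntax as used in the thread)

# Assumed names: adjust to your host.
ext_if     = "em0"              # interface towards the Internet
int_if     = "em1"              # interface towards the LAN
lan_net    = "192.168.1.0/24"   # assumed LAN subnet
squid_port = "3128"             # squid listens on 127.0.0.1:3128 with "intercept"

# Do NOT "set skip on lo0" in this file: the lo0 rdr rule below depends on
# pf actually seeing packets on the loopback interface.

# --- Case 1: this host is the firewall for a LAN (the reply's suggestion) ---
# rdr matches packets *arriving* on $int_if, so LAN clients' port-80 traffic is
# rewritten to squid.  "rdr pass" also lets the rewritten packet through without
# needing a separate pass-in rule for it.
rdr pass on $int_if inet proto tcp from $lan_net to any port www -> 127.0.0.1 port $squid_port

# --- Case 2: traffic that originates on this same host (atar's situation) ---
# Locally generated packets never arrive on $int_if, so the rule above does not
# see them.  Assumed workaround: route them out through lo0, where they come
# back in and are caught by an rdr rule on lo0.  "user != squid" keeps squid's
# own upstream fetches from being looped back into squid.  "quick" is needed
# because the general "pass out" rule further down would otherwise match last
# and win without the route-to.
rdr pass on lo0 inet proto tcp from any to any port www -> 127.0.0.1 port $squid_port
pass out quick on $ext_if route-to lo0 inet proto tcp from any to any port www user != squid

# Filtering: redirected LAN connections may reach squid, and squid (and anything
# else, including the route-to rule's lo0 leg) may reach port 80 outside.
pass in  on $int_if inet proto tcp from $lan_net to 127.0.0.1 port $squid_port keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
```

On the squid side the matching http_port line is `http_port 3128 intercept` (as in the squid wiki page linked above), and squid needs read access to /dev/pf to recover the original destination of a redirected connection; without that, pf will hand connections to squid but squid will reject them. After loading the rules, `pfctl -s nat` shows the rdr rules that are active and `pfctl -s state` shows whether redirected connections are actually being created, which is a quicker check than the `nc -l 3128` test used in the thread.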