Date: Wed, 6 Dec 2006 09:45:29 -0600
From: "Roger Miranda (Digital Relay)" <rmiranda@digitalrelay.ca>
To: Gergely CZUCZY <phoemix@harmless.hu>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF rdr from one port to another
Message-ID: <200612060945.30335.rmiranda@digitalrelay.ca>
In-Reply-To: <20061206154206.GB95890@harmless.hu>
References: <200612060916.53866.rmiranda@digitalrelay.ca> <200612060937.49554.rmiranda@digitalrelay.ca> <20061206154206.GB95890@harmless.hu>
On Wednesday 06 December 2006 09:42, Gergely CZUCZY wrote:
> On Wed, Dec 06, 2006 at 09:37:49AM -0600, Roger Miranda (Digital Relay) wrote:
> > On Wednesday 06 December 2006 09:31, you wrote:
> > > On Wed, Dec 06, 2006 at 09:28:47AM -0600, Roger Miranda (Digital Relay) wrote:
> > > > On Wednesday 06 December 2006 09:22, Gergely CZUCZY wrote:
> > > > > On Wed, Dec 06, 2006 at 09:16:52AM -0600, Roger Miranda (Digital Relay) wrote:
> > > > > > Hey Everyone, First time poster here.
> > > > > >
> > > > > > I have a freebsd 6.1 setup with if_bridge. Two nics.
> > > > > > I am running squid on the bridge itself.
> > > > > >
> > > > > > I am having some issues doing the routing with PF.
> > > > > > i have:
> > > > > >
> > > > > > rdr on $int_if inet proto tcp from $net to any port www -> $proxy port 3128
> > > > >
> > > > > is $int_if the internal or the bridged interface?
> > > > > what is $proxy?
> > > >
> > > > Sorry about that,
> > > >
> > > > ext_if="em0"
> > > > int_if="em1"
> > > > bridge_if="bridge0"
> > > > net="192.168.0.0/16"
> > > > proxy="127.0.0.1"
> > >
> > > nice. use bridge_if.
> > > i remember somewhere reading about this, the bridge interface
> > > should be used for filtering, and not the individual interfaces
> >
> > When i do a rdr on $bridge_if, it just seems to bypass everything.
> >
> > > > em0 = 192.168.0.74
> > > > em1 = 192.168.0.75
> > > >
> > > > > > pass in log all keep state
> > > > > > pass out log all keep state
> > > > >
> > > > > it'd be wise to specify interfaces also here.
> > > > >
> > > > > > Now from the workstation I type in "http://slashdot.org" and it
> > > > > > see pass through squid, but now it is trying to connect to
> > > > > > "http://slashdot.org:3128"
> > > > >
> > > > > what is "it" that connects to :3128 ?
> > > > > 1) it == the client
> > > > > 2) it == the squid proxy
> > > >
> > > > It's the proxy trying to redirect it to :3128, I just see that by
> > > > looking at tcpdump.
> > >
> > > interesting, it shouldn't. have you configured squid to act
> > > as a transproxy on that port, and have pf support built into squid?
> > > i think that you must have to use this feature.
> >
> > Yes. I do have transparent pf compiled into squid.
>
> please also answer the other question. have you made squid to
> listen on that port as a transparent proxy?
> and what version of squid is this at all?

squid is listening on port :3128 and i do have transparent proxy enabled.
I am using squid 2.6

>
> > > Bye,
> > >
> > > Gergely Czuczy
> > > mailto: gergely.czuczy@harmless.hu
>
> Bye,
>
> Gergely Czuczy
> mailto: gergely.czuczy@harmless.hu