Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 28 Jul 2005 14:58:50 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-pf@freebsd.org
Subject:   Re: rdr not working for transparent http - 5.4-stable
Message-ID:  <200507281458.56534.max@love2party.net>
In-Reply-To: <42E8D3D5.4030300@tirloni.org>
References:  <42E8D3D5.4030300@tirloni.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
On Thursday 28 July 2005 14:47, Giovanni P. Tirloni wrote:
> Hello,
>
>   I've deployed dozens of gateways with transparent HTTP proxy but this
> time it isn't working and I suspect pf is somehow involved in this.
> Packets aren't being redirected anywhere. I've disabled filtering
> totally to debug this.
>
>   I've a rule to redirect every connection attempt to port 80 to
> 127.0.0.1 port 3128:
>
>   rdr on $lan_if proto tcp from { $lan_net } to any port 80 -> 127.0.0.1
> port 3128
>
>   In squid.conf I've enabled this:
>
>   httpd_accel_host virtual
>   httpd_accel_port 80
>   httpd_accel_with_proxy on
>   httpd_accel_uses_host_header on
>
>
>   The rdr rule is being matched and with tcpdump I see packets coming
> into the $lan_if but nothing gets to $ext_if or loopback. They simply
> disappear (and the originating machine doesn't get a answer back).
>
>   Running tcpdump on pflog0 doesn't show anything either (as expected
> since there's no filter rule).
>
>   This was happening on 5.3-STABLE and I updated the system to
> 5.4-STABLE this week. Both $int_if and $ext_if are vr interfaces.
>
>   Weird enough.. this works on every other box except this and another
> one. And nothing fixes it.
>
>   Any way to debug this ? I've run out of ideas.

One thing comes to my mind: What does
    $sysctl net.inet.ip.forwarding
say?

> Thanks in advance,

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQBC6NaQXyyEoT62BG0RAohGAKCASdjTipKd2onO59Nol8YJkLIP1wCdEIho
QNCgvs36tIsQP+HTgRS/RmY=
=yxYj
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200507281458.56534.max>