Date: Thu, 4 May 2006 00:40:02 -0300 (ART)
From: Aguiar Magalhaes <magalhj@yahoo.com.br>
To: freebsd-pf@freebsd.org
Subject: Something is wrong
Message-ID: <20060504034002.20589.qmail@web31609.mail.mud.yahoo.com>

List,

I have a lot of Windows Internet Explorer browsers in the LAN and they are marked to use the proxy at port 3128. pf and squid are on the same machine. I'm not using a transparent proxy in pf. I don't have any redirections to the proxy.

Some applications in intranet pages use ports like 19336 or 8081 and they don't support the proxy. I need to tell pf not to send the packages to the proxy if the users are accessing those application pages, but I'm not having success.

My firewall has only two NICs: $int_if and $ext_if

Could you help me?

Thanks,
Aguiar

The rules are:
- - - - - - - -
internal_net = "172.16.0.0/12"
fw_ip_int = "172.16.0.9"
fw_ip_ext = "200.x.x.x"
lan_to_int = "{ 25 123 ... etc }

set optimization aggressive
scrub in all

nat on $ext_if from $internal_net to any -> $fw_ip_ext
rdr on $int_if proto tcp from $internal_net to any port 21 -> 127.0.0.1 port 8081

pass quick on lo0 all
antispoof for $ext_if inet
block log all

pass in on $int_if inet proto tcp from $internal_net to 127.0.0.1 port 8081 keep state
pass in on $int_if inet proto tcp from $internal_net to { $fw_ip_int $fw_ip_ext } port 3128 keep state
pass in on $int_if inet proto udp from $internal_net to any port 53 keep state
pass in on $int_if inet proto tcp from $internal_net to any port $lan_to_int keep state

# Access permitted out of the proxy (not is ok...)
pass inet proto tcp from { 172.16.1.16 172.16.1.165 172.16.1.203 } to 201.x.x.x port { 80 3128 8081 } keep state

pass out from $fw_ip_ext to any keep state
- - - - - - - - - - - -