Date:      Wed, 18 May 2005 12:59:27 -0400
From:      Tomas Quintero <tomasq@gmail.com>
To:        Greg Donald <destiney@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: pf + squid
Message-ID:  <9e46c99e05051809595a16c9e@mail.gmail.com>
In-Reply-To: <ea9da26c050518092667205bbc@mail.gmail.com>
References:  <ea9da26c050518092667205bbc@mail.gmail.com>

On 5/18/05, Greg Donald <destiney@gmail.com> wrote:
> I am following this howto:
> http://www.benzedrine.cx/transquid.html
>
> I added pf and pflog to my kernel.  After rebooting I did chgrp squid
> /dev/pf and chmod g+rw /dev/pf.  I also restarted squid several times.
> When I try to access a remote web server it times out.  I'm not
> getting any errors in /var/log/pflog or /var/log/messages.
>
> My config files look like this:
>
> > cat /etc/pf.conf |grep -v ^#
>
> ext_if="dc0"    # replace with actual external interface name i.e., dc0
> int_if="dc1"    # replace with actual internal interface name i.e., dc1
> internal_net="10.0.0.1/8"
> external_addr="24.159.59.97"
>
> rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
> pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
> pass out on $ext_if inet proto tcp from any to any port www keep state
>
> > cat /usr/local/etc/squid/squid.conf |grep -v ^#
> acl all src 0.0.0.0/0.0.0.0
> acl our_networks src 10.0.0.0/8
> acl to_localhost dst 127.0.0.0/8
> http_port 127.0.0.1:3128
> http_access deny to_localhost
> http_access allow our_networks
> visible_hostname gateway.localdomain
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> I am using ipfw to create my NAT; I don't know if that matters, but
> here are my config files for that as well:
>
> > cat /etc/rc.firewall |grep -v ^#
>
> ipfw -f flush
>
> ipfw pipe 10 config bw 12KBytes/s
> ipfw add 50 pipe 10 ip from 10.0.0.2 to any via dc1
>
> ipfw pipe 11 config bw 24KBytes/s
> ipfw add 51 pipe 11 ip from 10.0.0.3 to any via dc1
>
> ipfw pipe 12 config bw 12KBytes/s
> ipfw add 52 pipe 12 ip from 10.0.0.4 to any via dc1
> ipfw pipe 13 config bw 64KBytes/s
> ipfw add 53 pipe 13 ip from any to 10.0.0.4 via dc1
>
> ipfw add 200 pass all from any to any via lo0
> ipfw add 201 deny ip from any to 127.0.0.0/8
>
> ipfw add 500 divert natd all from any to any via dc0
>
> > cat /etc/natd.conf |grep -v ^#
> interface dc0
> dynamic
> use_sockets
> unregistered_only
> punch_fw 2000:50
> redirect_port tcp 10.0.0.2:20-21 20-21
> redirect_port tcp 10.0.0.2:22 22
> redirect_port tcp 10.0.0.2:80 80
> redirect_port tcp 10.0.0.2:113 113
>
> redirect_port tcp 10.0.0.2:3333 3333
> redirect_port tcp 10.0.0.2:2010-2020 2010-2020
>
> Any ideas?  TIA.
>
> --
> Greg Donald
> Zend Certified Engineer
> http://destiney.com/
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
Why are you using IPFW and PF?

--
-Tomas Quintero
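An added example, not part of the thread above or of the transquid howto: a small consistency check for the redirect chain the quoted pf.conf and squid.conf set up. It relies on one documented pf property: translation (rdr) is applied before filter rules are evaluated, so a "pass in" rule has to name the translated destination (here 127.0.0.1 port 3128), and squid's http_port has to bind that same address and port. The two config fragments are constructed copies of the ones quoted in the original post, and the "broken" variants are constructed too. This checks only the text of the configs; it says nothing about a live system, and nothing about how ipfw and pf order their hooks, which this script does not model.

```python
"""Consistency check for a pf rdr -> squid transparent-proxy chain (added example).

Parses pf.conf macros, `rdr ... -> host port N` and `pass in ... to host port N`
rules, plus squid's `http_port`, and verifies that the redirect target, the
filter rule and squid's listening socket all agree.  Input is constructed.
"""
import re

# Constructed input: the pf.conf fragment quoted in the original post.
PF_CONF_OK = """\
ext_if="dc0"    # replace with actual external interface name i.e., dc0
int_if="dc1"    # replace with actual internal interface name i.e., dc1
internal_net="10.0.0.1/8"
external_addr="24.159.59.97"

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
"""

# Constructed input: the squid.conf fragment quoted in the original post.
SQUID_CONF_OK = """\
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8
http_port 127.0.0.1:3128
http_access deny to_localhost
http_access allow our_networks
"""

# Constructed failure modes: squid on the wrong port, and a pass rule that
# names the client's original destination instead of the translated one.
SQUID_CONF_BAD = SQUID_CONF_OK.replace("http_port 127.0.0.1:3128", "http_port 127.0.0.1:8080")
PF_CONF_BAD = PF_CONF_OK.replace("to 127.0.0.1 port 3128", "to any port www")

SERVICE_PORTS = {"www": 80, "http": 80, "https": 443}

def _port(tok):
    """Resolve a pf port token ('www', '3128') to an integer."""
    return int(tok) if tok.isdigit() else SERVICE_PORTS[tok]

def parse_macros(pf_text):
    """Collect pf macros of the form name="value" (trailing comments ignored)."""
    macros = {}
    for line in pf_text.splitlines():
        m = re.match(r'^\s*(\w+)\s*=\s*"?([^"#]+?)"?\s*(#.*)?$', line)
        if m:
            macros[m.group(1)] = m.group(2).strip()
    return macros

def expand(line, macros):
    """Substitute $macro references, as pfctl does before parsing rules."""
    return re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), line)

RDR_RE = re.compile(
    r'^rdr\s+on\s+(?P<iface>\S+)\s+(?:inet6?\s+)?proto\s+(?P<proto>\S+)\s+'
    r'from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+port\s+(?P<dport>\S+)\s+'
    r'->\s+(?P<thost>\S+)\s+port\s+(?P<tport>\S+)')

PASS_IN_RE = re.compile(
    r'^pass\s+in\s+on\s+(?P<iface>\S+)\s+(?:inet6?\s+)?proto\s+(?P<proto>\S+)\s+'
    r'from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+port\s+(?P<dport>\S+)')

def parse_pf(pf_text):
    """Return (rdr_rules, pass_in_rules) with macros expanded and ports numeric."""
    macros = parse_macros(pf_text)
    rdrs, passes = [], []
    for raw in pf_text.splitlines():
        line = expand(raw.split('#', 1)[0].strip(), macros)
        m = RDR_RE.match(line)
        if m:
            d = m.groupdict()
            d['dport'], d['tport'] = _port(d['dport']), _port(d['tport'])
            rdrs.append(d)
            continue
        m = PASS_IN_RE.match(line)
        if m:
            d = m.groupdict()
            d['dport'] = _port(d['dport'])
            passes.append(d)
    return rdrs, passes

def squid_listeners(squid_text):
    """Return [(host, port)] from http_port lines; host '' means all addresses."""
    out = []
    for line in squid_text.splitlines():
        m = re.match(r'^http_port\s+(?:(?P<host>[\d.]+):)?(?P<port>\d+)', line.strip())
        if m:
            out.append((m.group('host') or '', int(m.group('port'))))
    return out

def check_chain(pf_text, squid_text):
    """Return a list of problems; an empty list means the redirect chain is consistent."""
    problems = []
    rdrs, passes = parse_pf(pf_text)
    listeners = squid_listeners(squid_text)
    if not rdrs:
        return ["no rdr rule found in pf.conf"]
    for r in rdrs:
        thost, tport = r['thost'], r['tport']
        # pf translates before it filters, so the pass rule must match the
        # translated destination, not the client's original one.
        if not any(p['iface'] == r['iface'] and p['proto'] == r['proto']
                   and p['dst'] in ('any', thost) and p['dport'] == tport
                   for p in passes):
            problems.append(f"no 'pass in on {r['iface']}' rule for translated destination {thost}:{tport}")
        # squid must actually listen where pf sends the connection.
        if not any(h in ('', '0.0.0.0', thost) and port == tport for h, port in listeners):
            problems.append(f"squid has no http_port matching rdr target {thost}:{tport}")
    return problems

if __name__ == "__main__":
    for name, pf, sq in [("quoted config", PF_CONF_OK, SQUID_CONF_OK),
                         ("squid on wrong port", PF_CONF_OK, SQUID_CONF_BAD),
                         ("pass rule names pre-translation port", PF_CONF_BAD, SQUID_CONF_OK)]:
        print(name, "->", check_chain(pf, sq) or "consistent")
```

On the quoted configs the check comes back clean, which is consistent with the poster not seeing pf errors: the rdr, the pass rule and squid's http_port do line up. The two constructed variants show the two mistakes this kind of setup most often hides, a pass rule written against the pre-translation port and a squid bound somewhere other than the rdr target. A check like this belongs next to `pfctl -nf /etc/pf.conf`, which validates syntax but not whether the pieces agree with each other.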


