Date:      Wed, 18 May 2005 23:28:03 -0500
From:      Greg Donald <destiney@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: pf + squid
Message-ID:  <ea9da26c050518212856d0fd0b@mail.gmail.com>
In-Reply-To: <9e46c99e05051815235c4a5749@mail.gmail.com>
References:  <ea9da26c050518092667205bbc@mail.gmail.com> <9e46c99e05051809595a16c9e@mail.gmail.com> <ea9da26c0505181154323f154a@mail.gmail.com> <9e46c99e05051815235c4a5749@mail.gmail.com>

On 5/18/05, Tomas Quintero <tomasq@gmail.com> wrote:
> I use PF myself.

I've disabled my ipfw and natd stuff in rc.conf.  Trying only with pf now.

I'm still having problems getting this to work.  Most sites I go to
fail to load, google.com for example.  Other sites, the HTML loads but
not the images, slashdot.org for example.


See anything wrong with my conf files?


squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl our_networks src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8
http_port 127.0.0.1:3128
http_access deny to_localhost
http_access allow our_networks
visible_hostname gateway.localdomain
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

pf.conf:

ext_if="dc0"
int_if="dc1"
internal_net="10.0.0.0/8"
external_addr="24.159.59.97"
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state


my pf setting from rc.conf:

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
gateway_enable="YES"


With these settings I have no NAT and most of the sites I try I can't
reach, it acts like I'm trying to access a broken DNS server or
something.  I have a local DNS server 10.0.0.2 that works fine with my
old ipfw setup.  I read in the pf docs that gateway_enable="YES"
activates a pf NAT or something to that effect.  Is there more to do?
Seems I have _something_ working, but it's not working 100% yet.

Or better yet does anyone have a transparent proxy setup they might
share their conf files from with me?  I'll do the diff  :)

Thanks,


-- 
Greg Donald
Zend Certified Engineer
http://destiney.com/


