From: Greg Donald
To: freebsd-questions@freebsd.org
Date: Wed, 18 May 2005 23:28:03 -0500
Subject: Re: pf + squid

On 5/18/05, Tomas Quintero wrote:
> I use PF myself.

I've disabled my ipfw and natd stuff in rc.conf. Trying only with pf now.

I'm still having problems getting this to work.
Most sites I go to fail to load, google.com for example. Other sites, the HTML loads but not the images, slashdot.org for example.

See anything wrong with my conf files?

squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl our_networks src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8
http_port 127.0.0.1:3128
http_access deny to_localhost
http_access allow our_networks
visible_hostname gateway.localdomain
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

pf.conf:

ext_if="dc0"
int_if="dc1"
internal_net="10.0.0.0/8"
external_addr="24.159.59.97"
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state

My pf settings from rc.conf:

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
gateway_enable="YES"

With these settings I have no NAT and most of the sites I try I can't reach, it acts like I'm trying to access a broken DNS server or something. I have a local DNS server 10.0.0.2 that works fine with my old ipfw setup.

I read in the pf docs that gateway_enable="YES" activates a pf NAT or something to that effect. Is there more to do?

Seems I have _something_ working, but it's not working 100% yet.

Or better yet, does anyone have a transparent proxy setup they might share their conf files from with me? I'll do the diff :)

Thanks,

-- 
Greg Donald
Zend Certified Engineer
http://destiney.com/
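
Added example, not part of the original post or thread: a pf.conf that keeps the post's rdr and pass rules and adds a nat rule for the gap the post itself names ("I have no NAT"). Interface names and the internal network are taken from the post; narrowing the rdr and pass sources from "any" to $internal_net is a change made here, not something the post contains.

```conf
# /etc/pf.conf: added example, not the poster's file.
# Macros reuse the names and values from the post.
ext_if = "dc0"
int_if = "dc1"
internal_net = "10.0.0.0/8"

# Translation rules (nat, rdr) come before filter rules.

# NAT for LAN traffic that is not redirected to squid (DNS lookups
# from the internal resolver, HTTPS, mail, ...). gateway_enable="YES"
# in rc.conf only turns on IP forwarding; translation needs this rule.
# ($ext_if) tracks the interface's current address.
nat on $ext_if inet from $internal_net to any -> ($ext_if)

# Transparent proxy: port 80 traffic arriving from the LAN is handed
# to the squid listener on 127.0.0.1:3128. Restricting the source to
# $internal_net keeps the redirect in line with squid's our_networks acl.
rdr on $int_if inet proto tcp from $internal_net to any port www -> 127.0.0.1 port 3128

# Filter rules see addresses after translation, so the inbound rule
# matches the rewritten destination 127.0.0.1:3128.
pass in  on $int_if inet proto tcp from $internal_net to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state

# As in the post, there is no block rule, so pf's default pass
# behaviour applies to all other traffic.
```

The file can be parsed without loading it using pfctl -nf /etc/pf.conf, and after loading, pfctl -s nat lists the active nat and rdr rules.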