From: Doug Sampson
To: freebsd questions list
Subject: RE: Anyone using squid and pf?
Date: Tue, 27 Nov 2012 17:34:47 +0000

[...]
> Rules from pf.conf
>
> --------------------------------------------
> # macros
> ext_if="xl0"
> int_if="bge0"
>
> tcp_services="{ 22, 993, 5910:5917 }"
> tcp_priv_services="{ 389, 443 }"
> proxy_services = "{ 21, 80 }"
> icmp_types="{ echoreq unreach squench timex }"
> internal_net = "172.18.0.0/16"
> proxy = "172.18.0.1"
> proxyport="8021"
^ No whitespace here
>
> # tables
> table persist
> table persist
>
> # options
> set block-policy return # ports are closed but can be seen
> set loginterface $ext_if
>
> set skip on lo0
>
> # scrub
> scrub in
>
> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>
> # redirect www traffic to proxy
> rdr on $int_if inet proto tcp from $internal_net to any port
> $proxy_services -> $proxy port 8080
^ Whitespace here. Maybe that's the issue here?
> # ext_if IP address could be dynamic, hence ($ext_if)
> nat on $ext_if from !($ext_if) to any -> ($ext_if)
[...]