Date: Wed, 6 Dec 2006 16:42:06 +0100 From: Gergely CZUCZY <phoemix@harmless.hu> To: "Roger Miranda (Digital Relay)" <rmiranda@digitalrelay.ca> Cc: freebsd-pf@freebsd.org Subject: Re: PF rdr from one port to another Message-ID: <20061206154206.GB95890@harmless.hu> In-Reply-To: <200612060937.49554.rmiranda@digitalrelay.ca> References: <200612060916.53866.rmiranda@digitalrelay.ca> <200612060928.47988.rmiranda@digitalrelay.ca> <20061206153119.GA95733@harmless.hu> <200612060937.49554.rmiranda@digitalrelay.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
--+g7M9IMkV8truYOl Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 06, 2006 at 09:37:49AM -0600, Roger Miranda (Digital Relay) wro= te: > On Wednesday 06 December 2006 09:31, you wrote: > > On Wed, Dec 06, 2006 at 09:28:47AM -0600, Roger Miranda (Digital Relay)= =20 > wrote: > > > On Wednesday 06 December 2006 09:22, Gergely CZUCZY wrote: > > > > On Wed, Dec 06, 2006 at 09:16:52AM -0600, Roger Miranda (Digital Re= lay) > > > > > > wrote: > > > > > Hey Everyone, First time poster here. > > > > > > > > > > I have a freebsd 6.1 setup with if_bridge. Two nics. > > > > > I am running squid on the bridge itself. > > > > > > > > > > I having some issues doing the routing with PF. > > > > > i have: > > > > > > > > > > rdr on $int_if inet proto tcp from $net to any port www -> $proxy > > > > > port 3128 > > > > > > > > is $int_if the internal or the bridged interface? > > > > what is $proxy? > > > > > > Sorry about that, > > > > > > ext_if=3D"em0" > > > int_if=3D"em1" > > > bridge_if=3D"bridge0" > > > net=3D"192.168.0.0/16" > > > proxy=3D"127.0.0.1" > > > > nice. use brdige_if. > > i remember somewhere reading about this, the bridge interface > > should be used for filtering, and not the induvidual interfaces > When i do a rdr on $bridge_if, it just seems to bypass everything. > > > > > em0 =3D 192.168.0.74 > > > em1 =3D 192.168.0.75 > > > > > > > > pass in log all keep state > > > > > pass out log all keep state > > > > > > > > it'd be wise to specify interfaces also here. > > > > > > > > > Now fromt the workstation I type in "http://slashdot.org" and it = see > > > > > pass through squid, but now it is trying to connect to > > > > > "http://slashdot.org:3128" > > > > > > > > what is "it" that conects to :3128 ? > > > > 1) it =3D=3D the client > > > > 2) it =3D=3D the squid proxy > > > > > > It's the proxy trying to redirect it to :3128, I just see that by loo= king > > > at tcpdump. > > > > interesting, it shouldn't. have you configured squid to act > > as a transproxy on that port, and have pf support built into squid? > > i think that you must have to use this feature. > Yes. I do have trasparent pf compiled into squid. please also answer the other question. have you made squid to listen on that port as a transparent proxy? and what version of squid is this at all? > > > > Bye, > > > > Gergely Czuczy > > mailto: gergely.czuczy@harmless.hu Bye, Gergely Czuczy mailto: gergely.czuczy@harmless.hu --=20 Weenies test. Geniuses solve problems that arise. --+g7M9IMkV8truYOl Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) owGNVr2PG0UUPxLRrJQiPcWTFekSsd7bte/T4Fwgl5AgBVA4lC+JMPa+tYfbndnM zJ6zKagRUAQkKorQIwRCVBRUaShIQ0GPqPgbUODNjL1nmxBdc/LNm/d7v/fxe7MP T51cOXH6yfc/3nn5sy++euHbYHUQFpUxYtQumDrkop3EcdLe2djeidvJRntjI0kG 611cX8+6O6y7denwzycXpTAoTHu/LrEHBu+btTJnXLwCwzFTGk2/Mll7O5jd2+O6 lJobLkUPuMi5wMa2r5jQGar2JTGUKRejHtyrpMG0XSouDBvkGARvC7iBaQh7OIR4 M4ROHG8CMxDv9LpbvfWd165BO96M4xCuyxEquMYJNWVwdo+PuGE5XMec1edgomQ/ MNgLzoOHFKhTVhOmhcZiQL4O2wInIdSysj7eY+bzTBqd7d761jFp9IN+JybAOeRj 8Ol0QngD1QjzGi7efu/i7VuLAM+ll2z2NjrHoNcPLEGPOMVdCnIermANlw5R1VJg CJe50gYMLxCox4Zgx6gwOro/53kVxuwQgUGmEAc6hc0oARqXqoQJN2Pg2d2B4ukI I9ifSBB8qKMFd1aAqoSgKQF9r+IpSAFmjOC9gBuNefac2M5RElWudYUaUmlPLIKS lbG/HY93Ls+H5Y5175moKlWWwxma1Ls8o9lGAyUVTIIZlpSmLOCMPaMDJmqqkDIw mUygfR7O0L379RyWM3aTznawHIfrJoLlSj9RCeqXVHPZp/48Y0PcbTwnY+q/dXfB dhca+65UqgY2oMwJhplwwUqipnj97l4Li7g1PfQk/GEyO/Thp+f+n8aBcrenyU4n Sja3oziK15LNmdFxcubOljVFHtJZqfc0BZW22aXcwfuecFBYeGXYTk7stNERs6uj SYbrcGEuZoVxCHosqzyFAVr4FDKqYsZzukEIIbUpBSHNtNBpdcjTikrdQGjCuDFG QURSamozAU0VQhpD+LAiUWjEQtvWD+qSaQ1oRUPkxCgK5gpdxEBFgKMaba03pmTZ tLHQJFdFC80F5JLyz3M4QCxBG2Zw+ZKtzf/fOpo2s+qqM+FUfWKvSxzyrJ4rASFo uajzuVhvyYmbfF/DiVQHNg7tftKgoRfDkm2NjSl7a2s6Z3qcShNJNWq52lPx+gFV bpm8GZNER2Ov+xAGlIugQNyNt1G1E7KEoRQCh1ZwcwDPitazSmv9h/5MMC1uWk4V FpEAXR+dDxypKznn6Hb3bJNsssOc05vW2DvLdr+05oQ/vXrVrGp3wZnm0lGYcmXz 4aYhEFIdZ/PlKQ5q6iu9bAfkNUWkU9pAaVWUR7PmGojauDknQC8EsWoiv5fta0fZ ZnxUUdwpWbu5hj4lRo0nbvRee5pu+VIgu7i8cBxMmYGuSrfNBhUJy8aVHm13KmEr ggPvbIMWNhvnSxet5q2CIUNmKj9it1BHlDUJzt9STJdMUaltsKEsSp77/TeNEwVl joyA3KAS4Qn6VSnpj6IPDFsFKebyLliKTcZBzuklEwsJzmc/De1Xqs3bTQ2pW9sp l9kUyA6mTYRsJLndoGnE6zWGzT/Nm/6gGj7wY1EwKpvswciboqEzXaBvqyJHraNx FQQOI1hyPo5ju22/Pm4gCk5KNlSJiDgITnXXtFLzQzeF9Nlld5fNiylaBFHw8e7J F1fs19/s2/H0iY/eX3l05ZPPf98/9cd3D38xvz7++6ebT9/8cmXl0Z1Xn96UH/zw 8z8vnf3tr/LTry88/ob9Cw== =IwQs -----END PGP SIGNATURE----- --+g7M9IMkV8truYOl--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061206154206.GB95890>