Date: Wed, 6 Dec 2006 16:31:19 +0100 From: Gergely CZUCZY <phoemix@harmless.hu> To: "Roger Miranda (Digital Relay)" <rmiranda@digitalrelay.ca> Cc: freebsd-pf@freebsd.org Subject: Re: PF rdr from one port to another Message-ID: <20061206153119.GA95733@harmless.hu> In-Reply-To: <200612060928.47988.rmiranda@digitalrelay.ca> References: <200612060916.53866.rmiranda@digitalrelay.ca> <20061206152214.GA95527@harmless.hu> <200612060928.47988.rmiranda@digitalrelay.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
--jI8keyz6grp/JLjh Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 06, 2006 at 09:28:47AM -0600, Roger Miranda (Digital Relay) wro= te: > On Wednesday 06 December 2006 09:22, Gergely CZUCZY wrote: > > On Wed, Dec 06, 2006 at 09:16:52AM -0600, Roger Miranda (Digital Relay)= =20 > wrote: > > > Hey Everyone, First time poster here. > > > > > > I have a freebsd 6.1 setup with if_bridge. Two nics. > > > I am running squid on the bridge itself. > > > > > > I having some issues doing the routing with PF. > > > i have: > > > > > > rdr on $int_if inet proto tcp from $net to any port www -> $proxy port > > > 3128 > > > > is $int_if the internal or the bridged interface? > > what is $proxy? >=20 > Sorry about that, >=20 > ext_if=3D"em0" > int_if=3D"em1" > bridge_if=3D"bridge0" > net=3D"192.168.0.0/16" > proxy=3D"127.0.0.1" nice. use brdige_if. i remember somewhere reading about this, the bridge interface should be used for filtering, and not the induvidual interfaces > em0 =3D 192.168.0.74 > em1 =3D 192.168.0.75 > > > > > > pass in log all keep state > > > pass out log all keep state > > > > it'd be wise to specify interfaces also here. > > > > > Now fromt the workstation I type in "http://slashdot.org" and it see = pass > > > through squid, but now it is trying to connect to > > > "http://slashdot.org:3128" > > > > what is "it" that conects to :3128 ? > > 1) it =3D=3D the client > > 2) it =3D=3D the squid proxy > It's the proxy trying to redirect it to :3128, I just see that by looking= at > tcpdump. interesting, it shouldn't. have you configured squid to act as a transproxy on that port, and have pf support built into squid? i think that you must have to use this feature. Bye, Gergely Czuczy mailto: gergely.czuczy@harmless.hu --=20 Weenies test. Geniuses solve problems that arise. --jI8keyz6grp/JLjh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) owGNVb9vHEUUNo4Q0koURvwBTydLIcrtevdsn8+HzgZsJwTJ/AhGEaGI5nbf3g7e ndnMzN5lQ4OoQFAgGgqEKKgRCKWkQdRQ0SOBaFJAjUTBm5m7sxO5oLt7M9/3vvfe 92Y/ffrSyuraL989eOfqJ5998cQ3T703vlo1xohJWDE15SJM4jgJd7d3NjfD7TDZ SgYDjHF7nA92elt4NP39+oEUBoUJT9oah2DwntmoS8bF85AWTGk0o8bk4SBY3Dvk upaaGy7FELgoucDl2YliQueowiORyoyLyRDuNtJgFtaKC8PGJQbBawJuYdaFQ0wh 7nehF8d9YAbi3WFvMNzaefEYwrgfx124KSeo4JgTa8bguUM+4YaVcBNL1l6BmZKj wOAw2ANPKVBnrCVOS43VmLCO2xL3unAd1QTLFg5uv3Vw+20L9+AF/EJFSX+43fuf ikbBqBcT4TnmPXgZWziaomqlwC5c40obMLxCoCYa4ipQYeTvzhE3oGBTBAa5Qhzr DPpRAjSHpoYZNwXw/M5Y8WyCEZzMJAie6mgJZRWoRghqPei7Dc9ACjAFgkcANxrL /IJ8DiBJFte6QQ2ZtBGLVLIx9rfL/fq1RSruVA4fYVKZsvnWadR3eE7mQAM1NUOC SWsqR1awbmMUYKKlDigDs9kMwj1Yp3v3fGhOtpn0BsGCm+slq9VEP1EJarxU56rL fDxnKe471KygIVqoI6eYn8+bUqkW2JgKIzQz3cUBeZ8yjDYPO1jFHQr4lD6Q2IBP NI/5P+4iVWUjyW4vSvqDKI7ijaRvD1xmd9TbseGIaGhiNLtGW90Zd3RRwEFh5U1r 5zCzvqAQs1u01Mp195FpLsoNdCGbMoMxWtoMcupLzks6JXSXmp2BkGbeuqyZ8qyh 5i3hOrDFVzGQUDirYWfLhZPHw9vBXnA29JppTVRQStJZlnCKWIM2zOD5C1b/xTf8 fM1lp37GqStkD11jyvP2nERCanm2LXPuV+XM+crXNpPq1PLS00SuNvSgWWGdwph6 uLGhS6aLTJpIqknH9YQb2iuEUWAlzhlNQYafFH57ujAm3YKScGcko1q3FhJSKQSm 1spz3EVZhtbDnaXchR073HSc8SwLkWhL6O6C921yxeajrtvG28LSktPz6s56j5/5 NXc+ows3zGXtwn6fzgQrzLiyirlZputSl95ttO+CEzRuaUrylDCjgF5AIqTNzZqq JoPaUaA2zlG2c85y4rKJ/HvVysbWk/NJQ7nmsuympyZgND7SQh8HL8s9SpTOrru3 p6Ooc9BN7Z6FcUP2teOXnmmfFoT8L0490CarrHKHo0t2m+x+QI7MNNYkwUstdoNg +erfb9L7bVAx4pVDmPhwlLrwC/Slq0rUOiqaIAhD+xzcQhScfGeo5og+HoJTDk3L WU5dd+lbVmmvhimybRR8uH/pyRX7SV18j9dWf/th5cu1k6/f/6P5+9s3/vng9Nd2 9d/vn3l2svLVSRB99PCVevPzj49/fpClP/7158Of/gM= =/MWx -----END PGP SIGNATURE----- --jI8keyz6grp/JLjh--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061206153119.GA95733>