From owner-freebsd-pf@FreeBSD.ORG Thu May 4 03:40:04 2006
From: Aguiar Magalhaes
To: freebsd-pf@freebsd.org
Date: Thu, 4 May 2006 00:40:02 -0300 (ART)
Subject: Something is wrong
List-Id: "Technical discussion and general questions about packet filter (pf)"

List,

I have a lot of Windows Internet Explorer browsers in the LAN and they are configured to use the proxy on port 3128. pf and squid are on the same machine. I'm not using a transparent proxy in pf. I don't have any redirections to the proxy.

Some applications in intranet pages use ports like 19336 or 8081 and they don't support the proxy. I need to tell pf not to send the packets to the proxy when users are accessing those application pages, but I'm not having success.

My firewall has only two NICs: $int_if and $ext_if.

Could you help me?

Thanks,
Aguiar

The rules are:
- - - - - - - -
internal_net = "172.16.0.0/12"
fw_ip_int = "172.16.0.9"
fw_ip_ext = "200.x.x.x"
lan_to_int = "{ 25 123 ... etc }"

set optimization aggressive
scrub in all

nat on $ext_if from $internal_net to any -> $fw_ip_ext
rdr on $int_if proto tcp from $internal_net to any port 21 -> 127.0.0.1 port 8081

pass quick on lo0 all
antispoof for $ext_if inet
block log all

pass in on $int_if inet proto tcp from $internal_net to 127.0.0.1 port 8081 keep state
pass in on $int_if inet proto tcp from $internal_net to { $fw_ip_int $fw_ip_ext } port 3128 keep state
pass in on $int_if inet proto udp from $internal_net to any port 53 keep state
pass in on $int_if inet proto tcp from $internal_net to any port $lan_to_int keep state

# Access permitted bypassing the proxy (this is not OK...)
pass inet proto tcp from { 172.16.1.16 172.16.1.165 172.16.1.203 } to 201.x.x.x port { 80 3128 8081 } keep state

pass out from $fw_ip_ext to any keep state
- - - - - - - - - - - -
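The following pf.conf fragment is an added example and is not part of the original post or a reply to it. It shows one way to express the "direct path for proxy-unaware applications" that the post asks about: a narrow, `quick` pass rule for the application ports, placed so that no later rule can widen it, while ordinary browser traffic still only reaches the firewall's own addresses on 3128. The interface names, the `intranet_apps` list and the `app_ports` list are assumptions; the post only supplies the ports 19336 and 8081 and the obscured address 201.x.x.x, which is kept here as a placeholder.

```pf
# Added example, not the poster's ruleset. Macros marked "assumed" are
# placeholders; replace them with the real interface names and hosts.
int_if       = "fxp0"            # assumed internal interface
ext_if       = "fxp1"            # assumed external interface
internal_net = "172.16.0.0/12"
fw_ip_int    = "172.16.0.9"
fw_ip_ext    = "200.x.x.x"

# Hosts that serve the applications which cannot use the proxy
# (placeholder copied from the post; list every such server explicitly
# rather than using "any", so the bypass stays as narrow as possible).
intranet_apps = "{ 201.x.x.x }"
# Ports those applications listen on (from the post).
app_ports     = "{ 19336 8081 }"

set optimization aggressive
scrub in all

# NAT for everything leaving the external interface.
nat on $ext_if from $internal_net to any -> $fw_ip_ext

pass quick on lo0 all
antispoof for $ext_if inet
block log all

# Direct path for the proxy-unaware applications. "quick" ends rule
# evaluation on a match, so this exception cannot be overridden by a
# later, broader rule; destination and ports are pinned to the macros.
pass in quick on $int_if inet proto tcp from $internal_net \
    to $intranet_apps port $app_ports keep state

# Proxy path: browsers may only talk to squid on the firewall itself.
pass in on $int_if inet proto tcp from $internal_net \
    to { $fw_ip_int $fw_ip_ext } port 3128 keep state

# DNS for the LAN.
pass in on $int_if inet proto udp from $internal_net to any port 53 keep state

# Outbound from the firewall's external address (covers squid's own
# connections and the NATed sessions above).
pass out on $ext_if from $fw_ip_ext to any keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and use `pfctl -vs rules` to confirm the `quick` rule's packet counters increase when a client opens one of the application pages. One caveat is independent of any ruleset: pf only decides what happens to packets it actually sees. A browser that is configured to use the proxy on 3128 will open its connection to the proxy, not to the application server, so the application hosts also need to be listed in the browser's proxy exception list (or in a PAC file) for the direct rule above to ever be reached.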