Date: Thu, 4 May 2006 01:31:07 -0500
From: "Travis H."
To: "Max Laier"
Cc: freebsd-pf@freebsd.org
Subject: Re: Something is wrong

On 5/4/06, Max Laier wrote:
> On Thursday 04 May 2006 05:40, Aguiar Magalhaes wrote:
> > I have a lot of Windows Internet Explorer browsers in the
> > LAN and they are marked to use the proxy at 3128 port.
> >
> > The pf and squid are in the same machine. I'm not
> > using transparent proxy on pf. I don't have any
> > redirections to proxy.
>
> and there is your problem. If your client is configured to use the proxy it
> will just do that. That means it won't even attempt to make a direct
> connection to any server. IIRC you can configure ie to exclude certain IP
> ranges or domains from being proxied.

Yes, you can exclude domains. You might even be able to do so via a
group policy, and push it out to all the clients at once, or something.
I don't know, it's not a pf problem.

> Another
> one is to fix the configuration of your proxy.

Specifically, you need to look at the part of your squid.conf where it
defines "safe_ports", and configure it to allow requests to all ports,
not just the "safe" ones. This is not a pf problem either.

Along the way you'll notice that there are three kinds of requests
made to HTTP proxies (not including WebDAV). There's GET and POST,
which has the proxy do HTTP, and a CONNECT request, which just does
a raw TCP connection to the target.
You may need to use that for some of these ports.

Good luck.
--
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
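
Added example, not part of the original message: a small Python model of how a proxy's port ACLs treat the request types described above (GET/POST with an absolute URL versus CONNECT with a bare host:port). The port lists, rule order, hostnames and sample requests are constructed assumptions in the shape of squid.conf's Safe_ports and SSL_ports ACLs, not the poster's configuration.

```python
from urllib.parse import urlsplit

# Constructed policy in the shape of squid.conf's Safe_ports / SSL_ports ACLs.
# The port lists and rule order are assumptions; read your own squid.conf.
SAFE_PORTS = [(21, 21), (80, 80), (443, 443), (1025, 65535)]
SSL_PORTS = [(443, 443)]
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def parse_request_line(line):
    """Return (method, host, port) from the first line of a proxy request."""
    method, target, _version = line.split()
    method = method.upper()
    if method == "CONNECT":
        # CONNECT carries only "host:port": the proxy opens a raw TCP tunnel.
        host, _, port = target.rpartition(":")
        return method, host, int(port)
    # GET/POST through a proxy carry an absolute URL; the proxy speaks HTTP itself.
    url = urlsplit(target)
    port = url.port or DEFAULT_PORTS[url.scheme]
    return method, url.hostname, port


def in_ranges(port, ranges):
    """True if port falls inside any (low, high) pair."""
    return any(low <= port <= high for low, high in ranges)


def decide(line, safe_ports=SAFE_PORTS, ssl_ports=SSL_PORTS):
    """Apply 'deny !Safe_ports', then 'deny CONNECT !SSL_ports', else allow."""
    method, _host, port = parse_request_line(line)
    if not in_ranges(port, safe_ports):
        return "deny: port not in Safe_ports"
    if method == "CONNECT" and not in_ranges(port, ssl_ports):
        return "deny: CONNECT to non-SSL port"
    return "allow"


# Constructed sample requests, as a browser configured for the proxy would send them.
SAMPLES = [
    "GET http://www.example.com/ HTTP/1.1",
    "POST http://app.example.com:81/login HTTP/1.1",
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT app.example.com:8443 HTTP/1.1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{decide(sample):32} {sample}")
    # Narrow fix: add only the port the application needs, not every port.
    narrow = SAFE_PORTS + [(81, 81)]
    print(decide(SAMPLES[1], safe_ports=narrow), "(after adding port 81)")
```

Adding the single port an application needs leaves the CONNECT restriction in place, whereas widening both lists to every port also lets CONNECT open a tunnel to any TCP service the proxy can reach.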