Date: Thu, 4 May 2006 08:22:58 +0100
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
To: "'Aguiar Magalhaes'" <magalhj@yahoo.com.br>, <freebsd-pf@freebsd.org>
Subject: RE: Something is wrong
Message-ID: <000b01c66f4b$91dcb9f0$0a00a8c0@thebeast>
In-Reply-To: <20060504034002.20589.qmail@web31609.mail.mud.yahoo.com>
>
> Some applications in intranet pages use ports like
> 19336 or 8081 and they don't support the proxy.
>
> I need to tell to pf

This is not a pf issue, apart from

get rid of

    set optimization aggressive

The defaults are more than adequate.

add

    set block-policy return

So applications can tell you if the packet filter is getting in their way.

& assuming you're running 6 or later

Get rid of

    pass quick on lo0

And replace it with

    set skip on lo0

You need to configure either a local exclusion list through group policy and/or create a proxy.pac file for each client and use it.

If the proxy server has a routed connection to the intranet, it shouldn't matter what the destination port for the http server is.

Given you run a default policy of block, you do not appear to have a pass out rule on the inside interface permitting squid to connect to the intranet servers.

Greg
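A proxy.pac of the kind suggested in the message above, as an added example that is not part of the original e-mail. The zone name intranet.example and the squid address proxy.intranet.example:3128 are assumptions, and the sketch assumes clients have a direct route to the intranet servers that the packet filter permits.

```javascript
// Added example: proxy.pac sketch. All names below are assumptions.
var INTRANET_ZONE = "intranet.example";            // assumed internal DNS zone
var PROXY = "PROXY proxy.intranet.example:3128";   // assumed squid listener

// True when host is the zone itself or a name under it. Matching on the
// leading dot keeps look-alikes such as "evilintranet.example" out, so an
// external name cannot talk its way around the proxy.
function inZone(host, zone) {
  host = host.toLowerCase().replace(/\.$/, "");    // normalise case, drop trailing dot
  if (host === zone) return true;
  var tail = "." + zone;
  return host.length > tail.length &&
         host.indexOf(tail, host.length - tail.length) !== -1;
}

// Unqualified names ("wiki") only resolve inside the LAN.
function isBareName(host) {
  return host.indexOf(".") === -1 && host.indexOf(":") === -1;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isBareName(host) || inZone(host, INTRANET_ZONE)) {
    // Intranet applications bypass the proxy whatever port they use
    // (8081, 19336, ...); the port is not part of the decision.
    return "DIRECT";
  }
  // No "; DIRECT" fallback: Internet traffic never skips squid,
  // even when the proxy is unreachable.
  return PROXY;
}
```

Only plain string operations are used, so the file behaves the same in any PAC engine and does not depend on the built-in PAC helper functions.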