From: Monah Baki
Date: Mon, 9 Mar 2015 10:03:54 -0400
Subject: FreeBSD PF question
To: FreeBSD Questions

Hi All,

I have a FreeBSD 10.1 server with a single interface (bge0) running squid in intercept mode. There is a Cisco device doing the policy routing.

interface GigabitEthernet0/0/1.1
 encapsulation dot1Q 1 native
 ip address 10.0.0.9 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nat inside
 standby 1 ip 10.0.0.10
 standby 1 priority 120
 standby 1 preempt
 standby 1 name HSRP
 ip policy route-map CFLOW

ip access-list extended REDIRECT
 deny tcp host 10.0.0.24 any eq www
 permit tcp host 10.0.0.23 any eq www

route-map CFLOW permit 10
 match ip address REDIRECT
 set ip next-hop 10.0.0.24

My squid.conf has the following:

http_port 3128
http_port 3129 intercept

My pf.conf has the following:

rdr on bge0 inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 port 3129
# block in
pass in log quick on bge0
pass out log quick on bge0
pass out keep state

User gets an access denied on browsing, and in my cache.log file, I see:

WARNING: Forwarding loop detected for:

Any help/guidance is appreciated.

Thanks