Date: Mon, 9 Mar 2015 10:57:14 -0400
From: Monah Baki <monahbaki@gmail.com>
To: krad <kraduk@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: FreeBSD PF question
Message-ID: <CALP3=x-WCpA6Kg3cKsa8PzeukiSVw%2BVQoaDgPe78atD=YfmVTg@mail.gmail.com>
In-Reply-To: <CALfReydf2pnVm-URsNDf2SVSwcpHH9xEb-qXtC5LGOOtJ-O-8w@mail.gmail.com>
References: <CALP3=x9851YUUu5rsMhc=tAYEZ4ma3xJZJUQFG8FqOhbJ%2BT_sQ@mail.gmail.com> <CALfReyfqr-%2B4OxJ9BSUU6y-o9MaYs%2BJiSMQv7EWAGPTYqiuAcQ@mail.gmail.com> <CALP3=x8x1RsRTCZvHNtrdtBXU6KVWXiXnJq=GF%2BCsqqDNe5OJw@mail.gmail.com> <CALfReydf2pnVm-URsNDf2SVSwcpHH9xEb-qXtC5LGOOtJ-O-8w@mail.gmail.com>

I'm not a Cisco person, but "no ip redirect" shouldn't that take care of it?

Thanks

On Mon, Mar 9, 2015 at 10:46 AM, krad <kraduk@gmail.com> wrote:

> Yes, the squid box needs to be whitelisted for no redirection
>
> On 9 March 2015 at 14:27, Monah Baki <monahbaki@gmail.com> wrote:
>
>> Should I do this on the Cisco itself?
>>
>> On Mon, Mar 9, 2015 at 10:24 AM, krad <kraduk@gmail.com> wrote:
>>
>>> It sounds like your Cisco isn't letting the squid web traffic out and
>>> redirecting it back to itself. You need to exclude the squid proxy's
>>> address from redirection
>>>
>>> On 9 March 2015 at 14:03, Monah Baki <monahbaki@gmail.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I have a FreeBSD 10.1 server with a single interface (bge0) running
>>>> squid in intercept mode. There is a Cisco device doing the policy
>>>> routing.
>>>>
>>>> interface GigabitEthernet0/0/1.1
>>>> encapsulation dot1Q 1 native
>>>> ip address 10.0.0.9 255.255.255.0
>>>> no ip redirects
>>>> no ip unreachables
>>>> ip nat inside
>>>> standby 1 ip 10.0.0.10
>>>> standby 1 priority 120
>>>> standby 1 preempt
>>>> standby 1 name HSRP
>>>> ip policy route-map CFLOW
>>>>
>>>> ip access-list extended REDIRECT
>>>> deny tcp host 10.0.0.24 any eq www
>>>> permit tcp host 10.0.0.23 any eq www
>>>>
>>>> route-map CFLOW permit 10
>>>> match ip address REDIRECT
>>>> set ip next-hop 10.0.0.24
>>>>
>>>> My squid.conf has the following:
>>>> http_port 3128
>>>> http_port 3129 intercept
>>>>
>>>> My pf.conf has the following:
>>>>
>>>> rdr on bge0 inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 port 3129
>>>> # block in
>>>> pass in log quick on bge0
>>>> pass out log quick on bge0
>>>> pass out keep state
>>>>
>>>> User gets an access denied on browsing, and in my cache.log file, I see:
>>>> WARNING: Forwarding loop detected for:
>>>>
>>>> Any help/guidance is appreciated.
>>>>
>>>> Thanks
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALP3=x-WCpA6Kg3cKsa8PzeukiSVw%2BVQoaDgPe78atD=YfmVTg>
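
The exclusion discussed in the thread, modelled as an added example (not code from the thread or from any participant): first-match evaluation of the REDIRECT access list, showing which source addresses the CFLOW route-map hands to the proxy. It assumes the proxy re-originates requests from its own address 10.0.0.24; the function names and the second, catch-all access list are constructed for contrast.

```python
# Added example, not from the thread. Models only "tcp <source> any eq www" entries.
import ipaddress

# ACL exactly as posted in the thread.
POSTED_ACL = """
deny tcp host 10.0.0.24 any eq www
permit tcp host 10.0.0.23 any eq www
"""
# Constructed for contrast: a catch-all with no exclusion for the proxy.
CATCH_ALL_ACL = "permit tcp any any eq www"

def parse_acl(text):
    """Return [(action, source_network)] for each supported ACL line."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[2] == "host":
            net, rest = ipaddress.ip_network(tok[3] + "/32"), tok[4:]
        elif len(tok) >= 3 and tok[2] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), tok[3:]
        else:
            raise ValueError(f"unsupported ACL line: {line!r}")
        if tok[0] not in ("permit", "deny") or tok[1] != "tcp" or rest != ["any", "eq", "www"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append((tok[0], net))
    return entries

def policy_routed(entries, src):
    """First match wins; a source matching no entry hits the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, net in entries:
        if addr in net:
            return action == "permit"
    return False

def trace(entries, client, proxy="10.0.0.24", max_hops=4):
    """Follow one port-80 request; return (path, looped)."""
    path, src = [], client
    for _ in range(max_hops):
        if not policy_routed(entries, src):
            path.append(f"{src}: not matched, routed normally")
            return path, False
        path.append(f"{src}: matched, next-hop {proxy}")
        src = proxy  # assumption: the proxy re-originates from its own address
    return path, True

if __name__ == "__main__":
    for name, acl in (("posted", POSTED_ACL), ("catch-all", CATCH_ALL_ACL)):
        path, looped = trace(parse_acl(acl), "10.0.0.23")
        print(name, "LOOP" if looped else "ok", path)
```

In this model the access list as posted leaves 10.0.0.24 unmatched, and any client other than 10.0.0.23 falls through to the implicit deny and is never sent to the proxy.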