Date: Sun, 31 Jul 2005 15:35:46 -0300 (BRT) From: "Giovanni P. Tirloni" <gpt@tirloni.org> To: "Abu Khaled" <khaled.abu@gmail.com> Cc: pf@freebsd.org Subject: Re: rdr not working for transparent http - 5.4-stable Message-ID: <1415.201.3.86.223.1122834946.squirrel@webmail.bs2.com.br> In-Reply-To: <a64c109e0507302318339c9ce@mail.gmail.com> References: <42E8D3D5.4030300@tirloni.org> <200507281458.56534.max@love2party.net> <42E8DBC6.6060907@tirloni.org> <42EB7A2A.3080701@tirloni.org> <a64c109e050730155021f6551d@mail.gmail.com> <42EC2DCE.4090009@tirloni.org> <a64c109e0507302318339c9ce@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Abu Khaled disse: > On 7/31/05, Giovanni P. Tirloni <gpt@tirloni.org> wrote: >> I think there's something in the code that makes it not work because I >> set ipfw to accept by default on every machine I have. There must be >> something else. >> > > Sounds confusing !!! > > Do you mind providing you ipfw/pf rules and the output of: > # squid -v > # ls -l /dev/pf > > Just to have a look at them while I scratch my head (to express the > confused system administrator emotion). 1. pf is enabled: device pf 2. ipfw is enabled and accepts by default options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT 3. I've no ipfw rules. ipfw is only compiled in and has just one rule to accept everything (implied by kernel option) ipfw was just sitting there doing nothing useful for me and pf rdr didn't work (nat and block/pass worked). I removed ipfw from my kernel config and now pf rdr works. Squid is running in transparent mode. Now everything works and I'll try to simulate this behaviour on a lab machine just not to annoy the customer anymore. I'll let the list know about the results. Sorry about confusing it all.. thanks everybody. -- Giovanni P. Tirloni
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1415.201.3.86.223.1122834946.squirrel>