Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Nov 2012 10:13:29 +0100
From:      Leslie Jensen <leslie@eskk.nu>
To:        Volodymyr Kostyrko <c.kworr@gmail.com>
Cc:        freebsd questions list <freebsd-questions@freebsd.org>
Subject:   Re: Anyone using squid and pf?
Message-ID:  <50B48439.40101@eskk.nu>
In-Reply-To: <50B3D603.6050904@gmail.com>
References:  <50B0EA28.7060904@eskk.nu> <50B338B2.3090600@gmail.com> <50B3B788.6040801@eskk.nu> <50B3D603.6050904@gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


Volodymyr Kostyrko skrev 2012-11-26 21:50:

>>
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>
>> # redirect www trafic to proxy
>> rdr on $int_if inet proto tcp from $internal_net to any port
>> $proxy_services -> $proxy port 8080
>
> I could be wrong here but I think you have a loop. You are redirecting
> from local interface to local interface i.e. the result of redirect is
> still subject for redirect. Could you try one of the following:
>
> 1. Make this a `rdr in on $int_if`.
>
> 2. Make this a `rdr pass ... -> 127.0.0.1 port 8080`. I prefer this way
> so port for transparent forwarding is unreachable except when explicitly
> redirecting to it.
>
> Personally I newer allow such ambiguity in my configs.
>

Thanks!

I'll try it out. I need to wait until tonight, the machine is in use at 
the moment.

#1 I see your point.

#2 this rule is for intended ftp traffic. That's why I'm sending to 
another port number.

/Leslie



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?50B48439.40101>