Date:      Thu, 28 Jul 2005 09:47:17 -0300
From:      "Giovanni P. Tirloni" <gpt@tirloni.org>
To:        pf@freebsd.org
Subject:   rdr not working for transparent http - 5.4-stable
Message-ID:  <42E8D3D5.4030300@tirloni.org>

Hello,

  I've deployed dozens of gateways with transparent HTTP proxy but this 
time it isn't working and I suspect pf is somehow involved in this. 
Packets aren't being redirected anywhere. I've disabled filtering 
totally to debug this.

  I've a rule to redirect every connection attempt to port 80 to 
127.0.0.1 port 3128:

  rdr on $lan_if proto tcp from { $lan_net } to any port 80 -> 127.0.0.1 port 3128

  In squid.conf I've enabled this:

  httpd_accel_host virtual
  httpd_accel_port 80
  httpd_accel_with_proxy on
  httpd_accel_uses_host_header on


  The rdr rule is being matched and with tcpdump I see packets coming 
into the $lan_if but nothing gets to $ext_if or loopback. They simply 
disappear (and the originating machine doesn't get an answer back).

  Running tcpdump on pflog0 doesn't show anything either (as expected 
since there's no filter rule).

  This was happening on 5.3-STABLE and I updated the system to 
5.4-STABLE this week. Both $int_if and $ext_if are vr interfaces.

  Weird enough.. this works on every other box except this and another 
one. And nothing fixes it.

  Any way to debug this? I've run out of ideas.

Thanks in advance,

-- 
Giovanni P. Tirloni / gpt@tirloni.org