Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Nov 2012 18:52:10 +0100
From:      Fleuriot Damien <ml@my.gd>
To:        Doug Sampson <dougs@dawnsign.com>
Cc:        freebsd questions list <freebsd-questions@freebsd.org>
Subject:   Re: Anyone using squid and pf?
Message-ID:  <AEB48EC3-2BED-4306-AB02-D695D1213DA8@my.gd>
In-Reply-To: <E6B2517F8D6DBF4CABB8F38ACA367E782A5D6ABC@Draco.dawnsign.com>
References:  <50B0EA28.7060904@eskk.nu> <50B338B2.3090600@gmail.com> <50B3B788.6040801@eskk.nu> <E6B2517F8D6DBF4CABB8F38ACA367E782A5D6ABC@Draco.dawnsign.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Nov 27, 2012, at 6:34 PM, Doug Sampson <dougs@dawnsign.com> wrote:

> [...]
>=20
>> Rules from pf.conf
>>=20
>> --------------------------------------------
>> # macros
>> ext_if=3D"xl0"
>> int_if=3D"bge0"
>>=20
>> tcp_services=3D"{ 22, 993, 5910:5917 }"
>> tcp_priv_services=3D"{ 389, 443 }"
>> proxy_services =3D "{ 21, 80 }"
>> icmp_types=3D"{ echoreq unreach squench timex }"
>> internal_net =3D "172.18.0.0/16"
>> proxy =3D "172.18.0.1"
>> proxyport=3D"8021"
>       ^
> No whitespace here
>=20
>>=20
>> # tables
>> table <goodguys> persist
>> table <sshguard> persist
>>=20
>> # options
>> set block-policy return     # ports are closed but can be seen
>> set loginterface $ext_if
>>=20
>> set skip on lo0
>>=20
>> # scrub
>> scrub in
>>=20
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>=20
>> # redirect www trafic to proxy
>> rdr on $int_if inet proto tcp from $internal_net to any port
>> $proxy_services -> $proxy port 8080
>                           ^
> Whitespace here. Maybe that's the issue here?
>=20


Erm, working as intended, Doug.

He's redirecting from his internal net to any port defined as proxiable, =
to his $proxy machine on port 8080.

Looks good to me.




>> # ext_if IP address could be dynamic, hence ($ext_if)
>> nat on $ext_if from !($ext_if) to any -> ($ext_if)
>=20
> [...]
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to =
"freebsd-questions-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AEB48EC3-2BED-4306-AB02-D695D1213DA8>