Subject: Re: Anyone using squid and pf?
From: Fleuriot Damien
Date: Tue, 27 Nov 2012 18:52:10 +0100
To: Doug Sampson
Cc: freebsd questions list

On Nov 27, 2012, at 6:34 PM, Doug Sampson wrote:

> [...]
>
>> Rules from pf.conf
>>
>> --------------------------------------------
>> # macros
>> ext_if="xl0"
>> int_if="bge0"
>>
>> tcp_services="{ 22, 993, 5910:5917 }"
>> tcp_priv_services="{ 389, 443 }"
>> proxy_services = "{ 21, 80 }"
>> icmp_types="{ echoreq unreach squench timex }"
>> internal_net = "172.18.0.0/16"
>> proxy = "172.18.0.1"
>> proxyport="8021"
> ^
> No whitespace here
>
>>
>> # tables
>> table persist
>> table persist
>>
>> # options
>> set block-policy return # ports are closed but can be seen
>> set loginterface $ext_if
>>
>> set skip on lo0
>>
>> # scrub
>> scrub in
>>
>> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>>
>> # redirect www traffic to proxy
>> rdr on $int_if inet proto tcp from $internal_net to any port
>> $proxy_services -> $proxy port 8080
> ^
> Whitespace here. Maybe that's the issue here?
>

Erm, working as intended, Doug.

He's redirecting from his internal net to any port defined as proxiable, to his $proxy machine on port 8080.

Looks good to me.

>> # ext_if IP address could be dynamic, hence ($ext_if)
>> nat on $ext_if from !($ext_if) to any -> ($ext_if)
>
> [...]