if_bridge + pf rdr (bridged inline proxy)
Kevin Foo
chflags at gmail.com
Thu Nov 27 21:29:36 PST 2008
Thanks Eygene for the reply. It might be, but I'm not sure. Is anyone
having the same setting or any info on this?
--
Regards
Kevin Foo
On Thu, Nov 27, 2008 at 10:00 PM, Eygene Ryabinkin <rea-fbsd at codelabs.ru> wrote:
> Kevin, good day.
>
> Thu, Nov 27, 2008 at 08:26:55PM +0800, Kevin Foo wrote:
>> I recently set up a bridge box with an inline cache proxy. if_bridge with
>> pf filtering was working perfectly. However, squid-cache listening on the
>> loopback device did not get any packets from pf rdr. I have seen
>> successful setups with OpenBSD's bridged spamd, which is rather a similar
>> setup. Is something broken in FreeBSD's if_bridge or am I missing some
>> configuration here?
>
> pf can 'rdr' only incoming packets (from 'man pf.conf'):
> -----
> Evaluation order of the translation rules is dependent on the type of the
> translation rules and of the direction of a packet. binat rules are
> always evaluated first. Then either the rdr rules are evaluated on an
> inbound packet or the nat rules on an outbound packet. Rules of the same
> type are evaluated in the same order in which they appear in the ruleset.
> The first matching rule decides what action is taken.
> -----
> So this can be just pf-related. And maybe not, as usual...
> --
> Eygene
> # Remember that it is hard to read the on-line manual
> # while single-stepping the kernel.
> #   -- FreeBSD Developers handbook
>
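To make the evaluation order Eygene quotes from pf.conf(5) concrete, here is a small model of how pf picks a translation rule: binat first, then only rdr for an inbound packet or only nat for an outbound one, first match wins. This is an added example written for this thread, not code from the thread or from pf; the interfaces em0/em1, ports and targets in the rule set are constructed.

```python
"""Model of pf's translation-rule selection as described in pf.conf(5)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str       # interface pf sees the packet on
    direction: str   # "in" or "out", relative to that interface
    proto: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    kind: str                # "binat", "rdr" or "nat"
    iface: str
    proto: str
    dst_port: Optional[int]  # None matches any destination port
    target: str              # translation target (constructed values)


def _matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface == pkt.iface and rule.proto == pkt.proto
            and rule.dst_port in (None, pkt.dst_port))


def translate(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """Return the translation rule pf would apply, or None.

    binat rules are always evaluated first.  After that, only rdr rules are
    considered for an inbound packet and only nat rules for an outbound one;
    an rdr rule can therefore never match a packet pf sees leaving an
    interface.  Within a type, rules are tried in ruleset order.
    """
    for r in rules:
        if r.kind == "binat" and _matches(r, pkt):
            return r
    wanted = "rdr" if pkt.direction == "in" else "nat"
    for r in rules:
        if r.kind == wanted and _matches(r, pkt):
            return r
    return None


# Constructed ruleset: em0 is the LAN-side bridge member, em1 the WAN side.
RULES = [
    Rule("binat", "em1", "tcp", 22, "192.0.2.10"),          # constructed
    Rule("rdr", "em0", "tcp", 80, "127.0.0.1 port 3128"),   # web -> local proxy
    Rule("nat", "em1", "tcp", None, "(em1)"),
]
```

Feeding the same HTTP flow through `translate` as inbound on em0 selects the rdr rule, while the same flow seen outbound on any interface never reaches the rdr rules at all, which is the behaviour the quoted manual text describes.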