rdr not working for transparent http - 5.4-stable
Giovanni P. Tirloni
gpt at tirloni.org
Thu Jul 28 12:47:21 GMT 2005
Hello,
I've deployed dozens of gateways with transparent HTTP proxy but this
time it isn't working and I suspect pf is somehow involved in this.
Packets aren't being redirected anywhere. I've disabled filtering
totally to debug this.
I've a rule to redirect every connection attempt to port 80 to
127.0.0.1 port 3128:
rdr on $lan_if proto tcp from { $lan_net } to any port 80 -> 127.0.0.1 port 3128
In squid.conf I've enabled this:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
The rdr rule is being matched and with tcpdump I see packets coming
into the $lan_if but nothing gets to $ext_if or loopback. They simply
disappear (and the originating machine doesn't get an answer back).
Running tcpdump on pflog0 doesn't show anything either (as expected
since there's no filter rule).
This was happening on 5.3-STABLE and I updated the system to
5.4-STABLE this week. Both $int_if and $ext_if are vr interfaces.
Weird enough... this works on every other box except this and another
one. And nothing fixes it.
Any way to debug this? I've run out of ideas.
Thanks in advance,
--
Giovanni P. Tirloni / gpt at tirloni.org