rdr not working for transparent http - 5.4-stable

Giovanni P. Tirloni gpt at tirloni.org
Sun Jul 31 18:36:06 GMT 2005


Abu Khaled wrote:
> On 7/31/05, Giovanni P. Tirloni <gpt at tirloni.org> wrote:
>>   I think there's something in the code that makes it not work because I
>> set ipfw to accept by default on every machine I have. There must be
>> something else.
>>
>
> Sounds confusing !!!
>
> Do you mind providing your ipfw/pf rules and the output of:
> # squid -v
> # ls -l /dev/pf
>
> Just to have a look at them while I scratch my head (to express the
> confused system administrator emotion).

 1. pf is enabled:

   device pf

 2. ipfw is enabled and accepts by default

   options IPFIREWALL
   options IPFIREWALL_DEFAULT_TO_ACCEPT

 3. I've no ipfw rules. ipfw is only compiled in and has just one rule to
accept everything (implied by kernel option)

 ipfw was just sitting there doing nothing useful for me and pf rdr didn't
work (nat and block/pass worked). I removed ipfw from my kernel config
and now pf rdr works. Squid is running in transparent mode.

 Now everything works and I'll try to simulate this behaviour on a lab
machine just not to annoy the customer anymore. I'll let the list know
about the results.

 Sorry about confusing it all.. thanks everybody.

-- 
Giovanni P. Tirloni



