Something is wrong

Aguiar Magalhaes magalhj at yahoo.com.br
Thu May 4 03:40:04 UTC 2006


List,

I have a lot of Windows Internet Explorer browsers in
the LAN and they are marked to use the proxy on port 3128.

pf and squid are on the same machine. I'm not
using transparent proxy on pf. I don't have any
redirections to the proxy.

Some applications in intranet pages use ports like
19336 or 8081 and they don't support the proxy.

I need to tell pf not to send the packets to the
proxy if the users are accessing those application
pages, but I'm not having success.

My firewall has only two NICs: $int_if and $ext_if

Could you help me? Thanks, Aguiar

The rules are:

- - - - - - - - 
internal_net = "172.16.0.0/12"
fw_ip_int = "172.16.0.9"
fw_ip_ext = "200.x.x.x"
lan_to_int = "{ 25 123 ... etc }"

set optimization aggressive
scrub in all
nat on $ext_if from $internal_net to any -> $fw_ip_ext
rdr on $int_if proto tcp from $internal_net to any port 21 -> 127.0.0.1 port 8081
pass quick on lo0 all
antispoof for $ext_if inet

block log all
pass in on $int_if inet proto tcp from $internal_net to 127.0.0.1 port 8081 keep state
pass in on $int_if inet proto tcp from $internal_net to { $fw_ip_int $fw_ip_ext } port 3128 keep state
pass in on $int_if inet proto udp from $internal_net to any port 53 keep state
pass in on $int_if inet proto tcp from $internal_net to any port $lan_to_int keep state

# Access permitted outside the proxy (is not OK...)
pass inet proto tcp from { 172.16.1.16 172.16.1.165 172.16.1.203 } to 201.x.x.x port { 80 3128 8081 } keep state

pass out from $fw_ip_ext to any keep state
- - - - - - - - - - - -


		