Something is wrong
Greg Hennessy
Greg.Hennessy at nviz.net
Thu May 4 07:23:00 UTC 2006
>
> Some applications in intranet pages use ports like
> 19336 or 8081 and they don't support the proxy.
>
> I need to tell to pf

This is not a pf issue, apart from getting rid of

    set optimization aggressive

The defaults are more than adequate.

Add

    set block-policy return

so applications can tell you if the packet filter is getting in their way.

And, assuming you're running 6 or later, get rid of

    pass quick on lo0

and replace it with

    set skip on lo0

You need to configure either a local exclusion list through group policy
and/or create a proxy.pac file for each client and use it.
If the proxy server has a routed connection to the intranet, it shouldn't
matter what the destination port for the http server is.

Given you run a default policy of block, you do not appear to have a

    pass out

rule on the inside interface permitting squid to connect to the intranet
servers.

Greg
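
A proxy.pac of the kind suggested above, as an added example that is not part of the original message: it sends intranet applications on the two ports named in the thread direct and everything else through the proxy. The intranet suffix `intranet.example` and the proxy address `proxy.intranet.example:3128` are hypothetical placeholders.

```javascript
// Added example PAC file; not from the original post.
// Assumptions (hypothetical): intranet hosts live under "intranet.example"
// and the squid proxy listens on proxy.intranet.example:3128.
var INTRANET_SUFFIX = ".intranet.example";
var PROXY = "PROXY proxy.intranet.example:3128";
// Ports named in the thread whose applications do not support the proxy.
var DIRECT_PORTS = { "19336": true, "8081": true };

// Return the explicit port of a URL, or the scheme default when none is given.
function portOf(url) {
  var re = /^([a-z][a-z0-9+.-]*):\/\/(?:[^\/?#@]*@)?(\[[^\]]*\]|[^\/?#:]*)(?::(\d+))?/i;
  var m = re.exec(url);
  if (!m) return "";
  if (m[3]) return m[3];
  var scheme = m[1].toLowerCase();
  return scheme === "https" ? "443" : scheme === "http" ? "80" : "";
}

// True for dotless host names and for names ending in the intranet suffix.
// The suffix keeps its leading dot so "evilintranet.example" does not match.
function isIntranetHost(host) {
  host = host.toLowerCase();
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  var i = host.length - INTRANET_SUFFIX.length;
  return i >= 0 && host.indexOf(INTRANET_SUFFIX, i) === i;
}

// Entry point the browser calls for every request.
// Only intranet host + listed port goes direct; anything else, including
// URLs that fail to parse, stays on the proxy.
function FindProxyForURL(url, host) {
  if (isIntranetHost(host) && DIRECT_PORTS[portOf(url)] === true) {
    return "DIRECT";
  }
  return PROXY;
}
```

Clients that go direct still need a route to the intranet servers and a matching pass rule in a default-block ruleset.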