Question regarding packet forwarding and Squid
Daniel Hartmeier
daniel at benzedrine.cx
Wed Jul 11 07:22:11 UTC 2012
On Mon, Jul 09, 2012 at 06:31:55PM -0700, Hao Bryan Cheng wrote:
> Is there a rule in pf that behaves similarly to ipfw's fwd rule? I have
> heard mentions of a divert-to rule, but I was unsuccessful in finding any
> official documentation on the subject anywhere online.

No, there's no generic rule in pf to solve this for every proxy, but
there is a solution for squid specifically:

When you build the Squid port (www/squid) there is an option

  [ ] SQUID_PF  Enable transparent proxying with PF

This enables a function specifically to deal with your case: when squid,
listening on 127.0.0.1:3128, receives a connection rdr'd by pf

  src                original dst       rewritten dst
  10.1.2.3:61234 ->  62.65.1.2:80   ->  127.0.0.1:3128

squid will use a pf-specific ioctl() call to figure out the original
destination, and use it for url_rewrite, too, AFAIK.

HTH,
Daniel
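
The redirect described in this reply, as an added pf.conf fragment (not part of the original message or of the Squid port). The interface name is an assumption; port 80 and 127.0.0.1:3128 are the values from the message, and the syntax is the rdr form used by FreeBSD's pf.

```conf
# Added example for /etc/pf.conf; interface name is an assumption.
int_if = "em1"                      # assumed LAN-facing interface

# Translation: rewrite the destination of web traffic arriving from LAN
# clients to the local Squid listener. pf records the original
# destination (e.g. 62.65.1.2:80) in the state entry, which is what the
# proxy later looks up.
# Limiting the source to the LAN keeps the redirect from applying to
# traffic from unexpected networks.
rdr on $int_if inet proto tcp from $int_if:network to any port 80 \
    -> 127.0.0.1 port 3128

# Filtering: filter rules are evaluated after rdr, so the pass rule has
# to match the rewritten destination, not port 80.
pass in quick on $int_if inet proto tcp from $int_if:network \
    to 127.0.0.1 port 3128 keep state
```

The lookup Squid performs is an ioctl on /dev/pf (DIOCNATLOOK), so the account Squid runs as must be able to open that device; grant only the access that lookup needs.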