pf + squid
Greg Donald
destiney at gmail.com
Wed May 18 21:28:06 PDT 2005
On 5/18/05, Tomas Quintero <tomasq at gmail.com> wrote:
> I use PF myself.
I've disabled my ipfw and natd stuff in rc.conf. Trying only with pf now.
I'm still having problems getting this to work. Most sites I go to
fail to load, google.com for example. Other sites, the HTML loads but
not the images, slashdot.org for example.
See anything wrong with my conf files?
squid.conf:
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8
http_port 127.0.0.1:3128
http_access deny to_localhost
http_access allow our_networks
visible_hostname gateway.localdomain
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
pf.conf:
ext_if="dc0"
int_if="dc1"
internal_net="10.0.0.0/8"
external_addr="24.159.59.97"
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
my pf setting from rc.conf:
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
gateway_enable="YES"
With these settings I have no NAT and most of the sites I try I can't
reach, it acts like I'm trying to access a broken DNS server or
something. I have a local DNS server 10.0.0.2 that works fine with my
old ipfw setup. I read in the pf docs that gateway_enable="YES"
activates a pf NAT or something to that effect. Is there more to do?
Seems I have _something_ working, but it's not working 100% yet.
Or better yet does anyone have a transparent proxy setup they might
share their conf files from with me? I'll do the diff :)
Thanks,
--
Greg Donald
Zend Certified Engineer
http://destiney.com/
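
For comparison, an added example (not from the thread or the poster): the posted pf.conf has an rdr rule but no nat rule, and gateway_enable="YES" in rc.conf only turns on IP forwarding, so traffic that is not redirected to Squid leaves dc0 with its 10.0.0.0/8 source address. The nat rule and the DNS pass rule below are assumptions about what this gateway needs; the macros and the other rules are the ones posted above.

```conf
# pf.conf: added example, not from the thread.
# Macros are the poster's; the nat rule and the DNS pass rule are assumptions.
ext_if="dc0"
int_if="dc1"
internal_net="10.0.0.0/8"

# Translation rules (nat, rdr) must come before filter rules in pf.conf.
# Translate everything from the internal network that leaves the external
# interface; ($ext_if) follows the interface's current address.
nat on $ext_if from $internal_net to any -> ($ext_if)

# Transparent proxy: send LAN web traffic to Squid on loopback (as posted).
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

# Filter rules (the first two are as posted).
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
# Upstream lookups, e.g. from the local resolver at 10.0.0.2. Without a
# "block" rule pf passes by default, so this only matters under default-deny.
pass out on $ext_if inet proto { tcp, udp } from any to any port domain keep state
```

After reloading the ruleset, `pfctl -s nat` lists the loaded nat and rdr rules and `pfctl -s state` shows whether outbound states carry the translated address.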