PF rdr from one port to another

Roger Miranda (Digital Relay) rmiranda at digitalrelay.ca
Wed Dec 6 07:45:16 PST 2006


On Wednesday 06 December 2006 09:42, Gergely CZUCZY wrote:
> On Wed, Dec 06, 2006 at 09:37:49AM -0600, Roger Miranda (Digital Relay) wrote:
> > On Wednesday 06 December 2006 09:31, you wrote:
> > > On Wed, Dec 06, 2006 at 09:28:47AM -0600, Roger Miranda (Digital Relay) wrote:
> > > > On Wednesday 06 December 2006 09:22, Gergely CZUCZY wrote:
> > > > > On Wed, Dec 06, 2006 at 09:16:52AM -0600, Roger Miranda (Digital Relay) wrote:
> > > > > > Hey Everyone, First time poster here.
> > > > > >
> > > > > > I have a FreeBSD 6.1 setup with if_bridge. Two NICs.
> > > > > > I am running squid on the bridge itself.
> > > > > >
> > > > > > I am having some issues doing the routing with PF.
> > > > > > I have:
> > > > > >
> > > > > > rdr on $int_if inet proto tcp from $net to any port www -> $proxy port 3128
> > > > >
> > > > > is $int_if the internal or the bridged interface?
> > > > > what is $proxy?
> > > >
> > > > Sorry about that,
> > > >
> > > > ext_if="em0"
> > > > int_if="em1"
> > > > bridge_if="bridge0"
> > > > net="192.168.0.0/16"
> > > > proxy="127.0.0.1"
> > >
> > > nice. use bridge_if.
> > > i remember somewhere reading about this, the bridge interface
> > > should be used for filtering, and not the individual interfaces
> >
> > When I do a rdr on $bridge_if, it just seems to bypass everything.
> >
> > > > em0 = 192.168.0.74
> > > > em1 = 192.168.0.75
> > > >
> > > > > > pass in log all keep state
> > > > > > pass out log all keep state
> > > > >
> > > > > it'd be wise to specify interfaces also here.
> > > > >
> > > > > > Now from the workstation I type in "http://slashdot.org" and it
> > > > > > see pass through squid, but now it is trying to connect to
> > > > > > "http://slashdot.org:3128"
> > > > >
> > > > > what is "it" that connects to :3128 ?
> > > > > 1) it == the client
> > > > > 2) it == the squid proxy
> > > >
> > > > It's the proxy trying to redirect it to :3128, I just see that by
> > > > looking at tcpdump.
> > >
> > > interesting, it shouldn't. have you configured squid to act
> > > as a transproxy on that port, and have pf support built into squid?
> > > i think that you must have to use this feature.
> >
> > Yes. I do have transparent pf compiled into squid.
>
> please also answer the other question. have you made squid to
> listen on that port as a transparent proxy?
> and what version of squid is this at all?
squid is listening on port :3128 and I do have transparent proxy enabled.
I am using squid 2.6
>
> > > Bye,
> > >
> > > Gergely Czuczy
> > > mailto: gergely.czuczy at harmless.hu
>
> Bye,
>
> Gergely Czuczy
> mailto: gergely.czuczy at harmless.hu


