PF and SQUID

Max Laier max at love2party.net
Mon Jun 23 20:13:38 UTC 2008


On Monday 23 June 2008 17:50:47 Miguel Alcántara wrote:
> Hi everybody, I've been having a problem for a week. I have to set up PF +
> SQUID on a P2 machine, with 128RAM and 6GB hard disk and just one nic.
> I virtualized an interface with an ip 192.168.1.80 and it has squid,
> the nic has 192.168.1.60 and all the lan is 192.168.1.0/24.
>
> My problem is that I can't browse some sites that must be permitted.
>
> pf.conf
>
> #rules for firewall
> ext_nic = "dc0"
> yo = "192.168.1.0/24"
>
> table <dns_cautivo> {208.67.220.220, 208.67.222.222}
> #SQUID CONFIGURATION
> rdr pass on $ext_nic inet proto tcp from $yo to any port www -> 192.168.1.80 port 3128
> nat on $ext_nic from $yo to any -> ($ext_nic)
> #FILTER
> block all
> #pass in on $ext_nic from $yo
> pass out on $ext_nic from any to <dns_cautivo>

With these rules there is no way for your squid to talk to the rest of the 
world.  You have to allow it *somehow*[tm] to connect to the outside.  
From the above, I kind of doubt that you really understand what you are 
doing - or are severely suffering from the language barrier.  You might 
want to try to contact a forum or usergroup in your native language.

> squid.conf
<snip - doesn't matter>
> Well, it doesn't work, when I try to surf in any domain name listed
> above in squid, squid sends me a message:
>
> ERROR The requested URL could not be retrieved
> ------------------------------
>
> While trying to retrieve the URL: http://www.yahoo.com/
>
> The following error was encountered:
>
>    - * Connection to Failed *
>
>  The system returned:
>
> *    (1) Operation not permitted*

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
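
Added example, not part of the original message or of either poster's configuration: one way to give squid the outbound path the reply says is missing, shown as the filter section of the posted pf.conf with one extra rule. The added pass rule and its scope (HTTP only, sourced from the firewall's own addresses) are assumptions; the macros, table, rdr and nat lines stay as posted.

```pf
# FILTER section only (added example; macros, table, rdr and nat as posted)

# Default deny, as in the original ruleset.
block all

# Client -> squid traffic is already admitted by the "rdr pass" rule,
# so no separate "pass in" is needed for the redirected port-80 flows.

# DNS to the two resolvers in <dns_cautivo> (rule from the original post).
pass out on $ext_nic from any to <dns_cautivo>

# Assumption: allow the proxy host itself to open HTTP connections to
# origin servers. Without a rule like this, "block all" is the last
# match for squid's own outbound SYNs and every fetch fails.
# Filter rules are evaluated after nat has rewritten the source, so the
# rule matches on the interface's own addresses, not on $yo.
pass out on $ext_nic inet proto tcp from ($ext_nic) to any port www keep state
```

After reloading with `pfctl -f /etc/pf.conf`, `pfctl -sr` lists the loaded filter rules and `pfctl -ss` shows whether squid's outbound connections are creating state.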

