Anyone using squid and pf?

Doug Sampson dougs at dawnsign.com
Tue Nov 27 17:50:03 UTC 2012


[...]

> Rules from pf.conf
> 
> --------------------------------------------
> # macros
> ext_if="xl0"
> int_if="bge0"
> 
> tcp_services="{ 22, 993, 5910:5917 }"
> tcp_priv_services="{ 389, 443 }"
> proxy_services = "{ 21, 80 }"
> icmp_types="{ echoreq unreach squench timex }"
> internal_net = "172.18.0.0/16"
> proxy = "172.18.0.1"
> proxyport="8021"
       ^
No whitespace here

> 
> # tables
> table <goodguys> persist
> table <sshguard> persist
> 
> # options
> set block-policy return     # ports are closed but can be seen
> set loginterface $ext_if
> 
> set skip on lo0
> 
> # scrub
> scrub in
> 
> rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021
> 
> # redirect www traffic to proxy
> rdr on $int_if inet proto tcp from $internal_net to any port
> $proxy_services -> $proxy port 8080
                           ^
Whitespace here. Maybe that's the issue here?

> # ext_if IP address could be dynamic, hence ($ext_if)
> nat on $ext_if from !($ext_if) to any -> ($ext_if)

[...]

