FreeBSD PF question
Monah Baki
monahbaki at gmail.com
Mon Mar 9 14:04:17 UTC 2015
Hi All,
I have a FreeBSD 10.1 server with a single interface (bge0) running squid
in intercept mode. There is a Cisco device doing the policy routing.

interface GigabitEthernet0/0/1.1
 encapsulation dot1Q 1 native
 ip address 10.0.0.9 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nat inside
 standby 1 ip 10.0.0.10
 standby 1 priority 120
 standby 1 preempt
 standby 1 name HSRP
 ip policy route-map CFLOW

ip access-list extended REDIRECT
 deny tcp host 10.0.0.24 any eq www
 permit tcp host 10.0.0.23 any eq www

route-map CFLOW permit 10
 match ip address REDIRECT
 set ip next-hop 10.0.0.24

My squid.conf has the following:
http_port 3128
http_port 3129 intercept
My pf.conf has the following:
rdr on bge0 inet proto tcp from 10.0.0.0/8 to any port 80 -> 10.0.0.24 port 3129
# block in
pass in log quick on bge0
pass out log quick on bge0
pass out keep state
User gets an access denied on browsing, and in my cache.log file, I see:
WARNING: Forwarding loop detected for:
Any help/guidance is appreciated.
Thanks