FreeBSD PF question

Monah Baki monahbaki at
Mon Mar 9 14:04:17 UTC 2015

Hi All,

I have a FreeBSD 10.1 server with a single interface (bge0) running squid
in intercept mode. There is a Cisco device doing the policy routing.

interface GigabitEthernet0/0/1.1
 encapsulation dot1Q 1 native
 ip address
 no ip redirects
 no ip unreachables
 ip nat inside
 standby 1 ip
 standby 1 priority 120
 standby 1 preempt
 standby 1 name HSRP
 ip policy route-map CFLOW

ip access-list extended REDIRECT
 deny   tcp host any eq www
 permit tcp host any eq www

route-map CFLOW permit 10
 match ip address REDIRECT
 set ip next-hop

My squid.conf has the following:
http_port 3128
http_port 3129 intercept

My pf.conf has the following:

rdr on bge0 inet proto tcp from to any port 80 -> port
# block in
pass in log quick on bge0
pass out log quick on bge0
pass out keep state

User gets an access denied on browsing, and in my cache.log file, I see:
WARNING: Forwarding loop detected for:

Any help/guidance is appreciated.


More information about the freebsd-questions mailing list