Problems with pf rules for intercept squid proxy

C. L. Martinez carlopmart at gmail.com
Tue Jun 28 13:08:09 UTC 2016


Hi all,

I have some problems with my pf rules on a FreeBSD 10.3 host that acts as a squid intercept proxy. My current pf rules are:

rdr pass on $vpnif proto tcp from $int_network to any port http -> lo0 port 5144
rdr pass on $vpnif proto tcp from $int_network to any port https -> lo0 port 5145

At first glance it seems that these rules work, but they don't. Traffic is redirected to squid, but squid denies all connections:

1467111934.502      1 172.22.55.1 TCP_DENIED/403 4221 GET http://www.osnews.com/ - HIER_NONE/- text/html

Using the same squid.conf file on an OpenBSD test machine, squid works without problems. For this reason, I don't think there is any problem with my squid config. The only difference between the OpenBSD host and the FreeBSD one is the pf rules. On the OpenBSD host, the pf rules are:

pass in inet proto tcp from $int_network to any port http divert-to 127.0.0.1 port 5144
pass in inet proto tcp from $int_network to any port https divert-to 127.0.0.1 port 5145

... and everything works OK.

Any idea why squid denies connections using FreeBSD's pf rules?

Thanks.

-- 
Greetings,
C. L. Martinez
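The access.log line quoted above is in squid's native log format (time, elapsed ms, client, result code/HTTP status, bytes, method, URL, user, hierarchy/peer, MIME type). When debugging an intercept setup, the first question is whether squid is denying every intercepted request outright (no upstream selected, HIER_NONE) or only some of them, which points at an ACL. The following parser and summary is an added example written for this page, not code from the poster or from the Squid project; the log lines other than the one quoted in the post are constructed here, and the TEST-NET address 203.0.113.10 is a placeholder.

```python
import re
from collections import defaultdict

# Regex for squid's native access.log format ("logformat squid"):
# time elapsed client code/status bytes method URL user hier/peer mime
SQUID_NATIVE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)

# Constructed sample: the first line is the one quoted in the post, the rest are
# made up for this example (203.0.113.10 is a documentation/TEST-NET address).
SAMPLE_LOG = [
    "1467111934.502      1 172.22.55.1 TCP_DENIED/403 4221 GET http://www.osnews.com/ - HIER_NONE/- text/html",
    "1467111940.117      3 172.22.55.1 TCP_DENIED/403 4221 GET http://www.freebsd.org/ - HIER_NONE/- text/html",
    "1467111950.003    212 172.22.55.7 TCP_MISS/200 15832 GET http://example.com/ - HIER_DIRECT/203.0.113.10 text/html",
    "this line is not in squid native format and must be skipped",
]


def parse_line(line):
    """Parse one native-format access.log line into a dict, or None if it does not match."""
    m = SQUID_NATIVE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("elapsed", "status", "bytes"):
        rec[key] = int(rec[key])
    return rec


def summarize(lines):
    """Per-client totals: how many requests were seen and how many squid denied.

    'denied_no_peer' counts TCP_DENIED entries with HIER_NONE, i.e. squid refused
    the request itself before any upstream was selected, which is what an intercept
    misconfiguration looks like (every client denied on every URL).
    """
    stats = defaultdict(lambda: {"total": 0, "denied": 0, "denied_no_peer": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line, not counted
        s = stats[rec["client"]]
        s["total"] += 1
        if rec["code"] == "TCP_DENIED":
            s["denied"] += 1
            if rec["hier"] == "HIER_NONE":
                s["denied_no_peer"] += 1
    return dict(stats)


def all_denied_clients(stats):
    """Clients for which every logged request was denied without reaching a peer."""
    return sorted(
        client for client, s in stats.items()
        if s["total"] > 0 and s["denied_no_peer"] == s["total"]
    )


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for client, s in sorted(stats.items()):
        print(f"{client}: {s['denied']}/{s['total']} denied ({s['denied_no_peer']} with no peer)")
    print("clients denied on every request:", all_denied_clients(stats))
```

Run it against a real access.log by replacing SAMPLE_LOG with the file's lines. If every client on the intercepted interface shows up in the "denied on every request" list while the same squid.conf serves other hosts fine, the cause lies between the redirect rule and squid rather than in the ACLs, which is exactly the comparison the post makes between the FreeBSD rdr rules and the OpenBSD divert-to rules.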
