
Re: http proxy and pf



On Wed, Mar 12, 2003 at 10:30:12AM -0600, David Jobes wrote:
> nat on de0 from 192.168.1.0/24 to any -> de0
> 
> rdr on de0 proto tcp from any to de0/32 port 80 -> 127.0.0.1 port 3128

Since de0 is obviously the external interface, you probably want the rdr
to apply on the internal interface instead (redirecting connections from
local web browsers to the proxy).

> pass in on $int_if proto tcp from 192.168.1.0/24 port 80 to $lo_int port 3128

This looks fine, assuming you change the rdr to 'on $int_if'.

> pass out on $int_if proto tcp from 192.168.1.0/24 port 80 to 127.0.0.1 port
> 3128
> pass out on $ext_if proto tcp from $lo_int to any port { 80, 3128 }

Not sure what these two are meant to do, you probably don't want to pass
packets with source or destination 127.0.0.1 _out_ on any real
interface.

Make sure you compile squid from the ports tree and enable the
transparent proxy options (FLAVOR transparent for the port, squid.conf
according to the documentation on squid-cache.org).

Daniel
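
The two points raised in this reply, written as a small rule check over the quoted ruleset. This is an added example, not part of the original message; the macro values and the interface name de1 are assumptions, since the thread never defines $int_if, $ext_if or $lo_int.

```python
import re

# Constructed input: the rules quoted in the thread. Macro values are
# assumptions (the thread never defines them); de1 is a hypothetical name.
MACROS = {"ext_if": "de0", "int_if": "de1", "lo_int": "127.0.0.1"}
RULES = """\
nat on de0 from 192.168.1.0/24 to any -> de0
rdr on de0 proto tcp from any to de0/32 port 80 -> 127.0.0.1 port 3128
pass in on $int_if proto tcp from 192.168.1.0/24 port 80 to $lo_int port 3128
pass out on $int_if proto tcp from 192.168.1.0/24 port 80 to 127.0.0.1 port 3128
pass out on $ext_if proto tcp from $lo_int to any port { 80, 3128 }
"""

LOOPBACK = re.compile(r"^127\.\d+\.\d+\.\d+(/\d+)?$")

def expand(rule, macros):
    """Substitute $name macros before the rule is tokenised."""
    return re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), rule)

def lint(text, macros):
    """Return (rule number, message) for the two problems named in the reply."""
    rules = [expand(r, macros).split() for r in text.splitlines() if r.strip()]
    # An interface that carries a nat rule is treated as external.
    external = {r[2] for r in rules if r[0] == "nat" and r[1] == "on"}
    findings = []
    for n, r in enumerate(rules, 1):
        iface = r[r.index("on") + 1] if "on" in r else None
        if r[0] == "rdr" and "->" in r:
            target = r[r.index("->") + 1]
            if iface in external and LOOPBACK.match(target):
                findings.append((n, "rdr to local proxy is bound to the external interface"))
        if r[:2] == ["pass", "out"] and iface and not iface.startswith("lo"):
            addrs = [r[r.index(k) + 1] for k in ("from", "to") if k in r]
            if any(LOOPBACK.match(a) for a in addrs):
                findings.append((n, "loopback address passed out on a real interface"))
    return findings

if __name__ == "__main__":
    for line_no, msg in lint(RULES, MACROS):
        print(f"rule {line_no}: {msg}")
```

Run against the quoted rules it reports rules 2, 4 and 5; the 'pass in' rule is not flagged.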