
the magic of the route-to /pls help/



Hello list,

  I feel really sad to ask such a question, but after trying hard for ~12 h I should ask for help
(now I feel really sleepy; I hope the email is understandable)
 
/I have the feeling that it worked before an update to -current;
don't get me wrong, I just deleted my previous configs :( /
 
the layout is:
OpenBSD current + squid(auth not transparent)
int_if, ext_if, dsl
 
internal net to web -> squid, route-to $tdsl    -> internet web
internal net to all -> default route $ext_if   -> internet all
 
There were 2 variants that came into my head:
1) bind squid listen to internal ip
    bind squid tcp_outgoing_address to $tdsl
    default gateway $gate_ext_if
    pf:
    pass out log quick on $ext_if route-to $tdsl proto tcp from $tdsl to any
 
2) bind squid listen to internal ip
    bind squid tcp_outgoing_address to $int_ip
    default gateway $gate_ext_if
    pf:
    nat on $tdsl from $int_ip to any port $web_ports -> $tdsl
    nat on $ext_if from any to any -> $ext_ip
    pass out log quick on $ext_if route-to $tdsl proto tcp from $tdsl to any
 
but somehow both variants don't work :(
It could be a mistake in the order of the rules (I have no ideas anymore).
In any case, the most I can get is that some web sites work,
but the most important ones don't (I didn't investigate it, but I guess that the sites with sessions don't work).
For example, "www.yahoo.de" doesn't work.
 
Please give me a direction on how it should be done, or post a sample ruleset that should work.
 
Thanks
 
Best Regards,
ivan
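As an added illustration (not from the post or a reply), variant 1 written out as a complete pf.conf in the pre-4.7 syntax the mail uses; interface names, addresses and the squid port are assumptions, and the MSS clamp and the `pass out on $tdsl` rule are standard companions of route-to on a PPPoE link, added here for completeness rather than as a confirmed fix.

```pf
# Variant 1: squid binds tcp_outgoing_address to the DSL address, and pf
# pushes those connections out the DSL link while everything else uses
# the default route. Names below are assumptions, not taken from the mail.
ext_if     = "fxp0"          # uplink that carries the default route
int_if     = "fxp1"          # LAN side, squid listens here
tdsl       = "pppoe0"        # DSL link squid should use
int_ip     = "192.168.1.1"   # squid's listening address
squid_port = "3128"

# Replies to squid's connections arrive on $tdsl although the state was
# opened on $ext_if; the default floating policy lets them match that state.
set state-policy floating
set skip on lo0

# The PPPoE link has a smaller MTU; clamping the MSS avoids large responses
# (typical of session-based sites) stalling while small pages still load.
scrub in all
scrub out on $tdsl all max-mss 1440

# LAN traffic that leaves via the default route is NATed to the uplink address.
nat on $ext_if from $int_if:network to any -> ($ext_if)

block log all

# LAN clients reach squid; other LAN traffic follows the default route.
pass in on $int_if proto tcp from $int_if:network to $int_ip port $squid_port keep state
pass in on $int_if from $int_if:network to any keep state

# Squid's outgoing connections carry the $tdsl address: the kernel offers
# them on $ext_if (default route) and route-to diverts them out $tdsl.
pass out log quick on $ext_if route-to $tdsl proto tcp from ($tdsl) to any keep state
pass out on $ext_if from any to any keep state

# A packet diverted by route-to is filtered again on the new interface,
# so it needs a matching pass rule on $tdsl as well.
pass out on $tdsl proto tcp from ($tdsl) to any keep state
```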