[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pf on FreeBSD + WCCP + Squid



I've been using IPFilter + FreeBSD + WCCP + Squid for quite sometime
now. I want to switch to pf but I can't seem to get it right. My
/etc/pf.conf looks like this:
rdr on em0 inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in all
pass out all
Squid was compiled with the option "--enable-pf-transparent". I've
also created a GRE tunnel from the FreeBSD box to the router via this
command:
ifconfig gre0 create
ifconfig gre0 $squid_ip 10.20.30.40 netmask 255.255.255.255 link1
tunnel $squid_ip $router_ip up
I can confirm that the FreeBSD box is receiving GRE packets from the router:
007496 00:06:d6:19:20:06 > 00:30:48:27:89:a0, ethertype IPv4 (0x0800),
length 78: IP 202.91.161.93 > $squid_ip: gre-proto-0x883e
001499 00:06:d6:19:20:06 > 00:30:48:27:89:a0, ethertype IPv4 (0x0800),
length 78: IP 202.91.161.93 > $squid_ip: gre-proto-0x883e
015118 00:06:d6:19:20:06 > 00:30:48:27:89:a0, ethertype IPv4 (0x0800),
length 86: IP 202.91.161.93 > $squid_ip: gre-proto-0x883e
002373 00:06:d6:19:20:06 > 00:30:48:27:89:a0, ethertype IPv4 (0x0800),
length 86: IP 202.91.161.93 > $squid_ip: gre-proto-0x883e
065467 00:06:d6:19:20:06 > 00:30:48:27:89:a0, ethertype IPv4 (0x0800),
length 86: IP 202.91.161.93 > $squid_ip: gre-proto-0x883e
032108 00:06:d6:19:20:06 > 00:30:48:27:89:a0, ethertype IPv4 (0x0800), length 86
However, squid is not receiving any HTTP packet to process. I would
appreciate any help. Thanks!