Re: pf on FreeBSD + WCCP + Squid

On Fri, Apr 01, 2005 at 02:37:00AM +0800, Francis Vidal wrote:
> rdr on em0 inet proto tcp from any to any port www -> port 3128
You probably need to use 'on gre0' here. On em0, the packets are still
encapsulated, and don't match the 'proto tcp' criterion.
pf never looks inside encapsulated packets, it uses the outer-most
interpretation of what it sees ('proto gre' in this case). But it will
be called for each packet once on em0 and then (after the stack
decapsulates the packet) on gre0. So to hit the right level of
decapsulation, put the rule on the right interface, which should be gre0