PF rdr from one port to another
Gergely CZUCZY
phoemix at harmless.hu
Wed Dec 6 07:31:25 PST 2006
On Wed, Dec 06, 2006 at 09:28:47AM -0600, Roger Miranda (Digital Relay) wrote:
> On Wednesday 06 December 2006 09:22, Gergely CZUCZY wrote:
> > On Wed, Dec 06, 2006 at 09:16:52AM -0600, Roger Miranda (Digital Relay) wrote:
> > > Hey Everyone, First time poster here.
> > >
> > > I have a freebsd 6.1 setup with if_bridge. Two nics.
> > > I am running squid on the bridge itself.
> > >
> > > I am having some issues doing the routing with PF.
> > > I have:
> > >
> > > rdr on $int_if inet proto tcp from $net to any port www -> $proxy port 3128
> >
> > is $int_if the internal or the bridged interface?
> > what is $proxy?
>
> Sorry about that,
>
> ext_if="em0"
> int_if="em1"
> bridge_if="bridge0"
> net="192.168.0.0/16"
> proxy="127.0.0.1"
nice. use bridge_if.
i remember somewhere reading about this, the bridge interface
should be used for filtering, and not the individual interfaces
> em0 = 192.168.0.74
> em1 = 192.168.0.75
>
> >
> > > pass in log all keep state
> > > pass out log all keep state
> >
> > it'd be wise to specify interfaces also here.
> >
> > > Now from the workstation I type in "http://slashdot.org" and it see pass
> > > through squid, but now it is trying to connect to
> > > "http://slashdot.org:3128"
> >
> > what is "it" that connects to :3128 ?
> > 1) it == the client
> > 2) it == the squid proxy
> It's the proxy trying to redirect it to :3128, I just see that by looking at
> tcpdump.
interesting, it shouldn't. have you configured squid to act
as a transproxy on that port, and have pf support built into squid?
i think that you must have to use this feature.
Bye,
Gergely Czuczy
mailto: gergely.czuczy at harmless.hu
--
Weenies test. Geniuses solve problems that arise.