Anyone using squid and pf?

Leslie Jensen leslie at eskk.nu
Sun Dec 16 07:46:39 UTC 2012



Damien Fleuriot wrote on 2012-11-29 00:28:
>
>
> # 1/ redirect web traffic to the proxy $proxy on port $proxyport
> rdr in on $int_if inet proto tcp from !$proxy to any port 80 -> $proxy port $proxyport tag rdr_proxy
>
> # 2/ redirect FTP traffic to the ftp-proxy running on the local machine on port 8021
> rdr in on $int_if inet proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021 tag rdr_ftp
>
> # 3/ access rule to allow traffic from the local net to your proxy
> pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_proxy
>
> # 4/ access rule to allow traffic from the local net to your FTP proxy
> pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_ftp
>
> # 5/ access rule to allow your proxy to do whatever it wants in a very limited fashion
> pass in quick on $int_if inet proto tcp from $proxy to any port { 80 443 } flags S/SAFR
>
>

Hello Damien

I'm concentrating on getting the web traffic to work first.
I've changed rule #1 as you can see below but pf returns a syntax error.

# redirect www traffic to proxy
rdr in on $int_if inet proto tcp from !$proxy to any port 
$proxy_services -> $proxy $proxyport tag rdr_proxy

My variables are:
proxy = "172.18.0.1"
proxy_services = "{ 21, 80 }"
proxyport="8080"

Am I supposed to add rule #5 as well or is it a suggestion?

Thanks

/Leslie
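
For the web-traffic redirect discussed in the message above, an added example (not part of the original post or thread) of the redirect and its matching pass rule, assuming the translation-rule grammar of FreeBSD's pf.conf(5). The `proxy` and `proxyport` values are the ones from the post; `int_if = "em1"` is a placeholder, since the post does not show it, and only port 80 is redirected here.

```conf
# Added example, not from the original thread.
# Assumes FreeBSD pf.conf(5), where rdr rules are separate from filter rules.

# Macros: proxy and proxyport as given in the post; int_if is a placeholder.
int_if    = "em1"
proxy     = "172.18.0.1"
proxyport = "8080"

# Translation rule. Three points of the rdr grammar:
#  - there is no direction keyword: "rdr on", not "rdr in on"
#  - "tag" belongs to the match part and goes before "->"
#  - the target port needs the "port" keyword after the target address
rdr on $int_if inet proto tcp from ! $proxy to any port 80 \
    tag rdr_proxy -> $proxy port $proxyport

# Filter rule: the packet reaches the filter after translation, so the
# destination is already $proxy:$proxyport. Only connections that the
# rdr rule tagged are passed.
pass in quick on $int_if inet proto tcp from any to $proxy port $proxyport \
    tagged rdr_proxy flags S/SAFR keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it and reports the line number of any remaining syntax error.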



