On Tue, Mar 29, 2011 at 01:16:32PM +0200, Leslie Jensen wrote:

> I'm also running
> tcpdump -s 256 -n -e -tttt -i pflog0
>
> But I cannot see any of the outgoing packets getting detected by pf and
> sent to the proxy.

You have logging enabled on the rule explicitly passing the redirected
connections:

  pass in log on $int_if inet proto tcp from $internal_net to $proxy port 8080 keep state

but subsequently have another matching rule without logging:

  pass in quick on $int_if

Either add 'quick' to the former rule, or add 'log' to the latter rule,
then you should see establishments of forwarded connections on pflog0.

Also, you can run

  # pfctl -vvss

immediately after a connection attempt of a client. You should see a
forwarded connection in the list.

Other things to check:

Make sure IP forwarding is enabled

  # sysctl net.inet.ip.forwarding
  net.inet.ip.forwarding: 1

and the interface names are (still) what you expect them to be

  # ifconfig

and pf is enabled

  # pfctl -si | head -1
  Status: Enabled for 19 days 06:45:57 Debug: Misc

and the rules are loaded correctly

  # pfctl -f /etc/pf.conf
  #

Is squid really listening on port 8080 (default is 3128)?

  # netstat -an | grep LISTEN
  tcp4 0 0 *.8080 *.* LISTEN

If this doesn't lead to any clues, I'd tcpdump tcp port 80 on the
internal interface, try to establish one connection, see if the TCP
handshake completes, if an HTTP request is sent, etc.

HTH,
Daniel
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
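
Added example (not part of the message above, and not pf's own code): a small Python model of pf's "last matching rule wins unless 'quick'" evaluation, run over the two rules quoted in the reply, showing why nothing reaches pflog0 and how each suggested change fixes it. The names Rule, evaluate and ruleset, the reduced match fields (interface, protocol, destination port) and the sample packet are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    text: str                    # rule as it would appear in pf.conf
    iface: str
    proto: Optional[str] = None  # None means "any"
    dport: Optional[int] = None
    quick: bool = False
    log: bool = False

    def matches(self, pkt):
        return (self.iface == pkt["iface"]
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))


def evaluate(rules, pkt):
    """Return (deciding_rule, logged): the last match decides, 'quick' stops early."""
    deciding = None
    for rule in rules:
        if rule.matches(pkt):
            deciding = rule
            if rule.quick:
                break
    # Only the deciding rule's 'log' flag sends the packet to pflog0.
    return deciding, bool(deciding and deciding.log)


def ruleset(first_quick=False, second_log=False):
    """The two rules from the reply, with either suggested change applied."""
    return [
        Rule(f"pass in log {'quick ' if first_quick else ''}on $int_if inet proto tcp "
             "from $internal_net to $proxy port 8080 keep state",
             "int_if", "tcp", 8080, quick=first_quick, log=True),
        Rule(f"pass in {'log ' if second_log else ''}quick on $int_if",
             "int_if", quick=True, log=second_log),
    ]


# Constructed sample: a client's first TCP packet after redirection to the proxy port.
PKT = {"iface": "int_if", "proto": "tcp", "dport": 8080}

if __name__ == "__main__":
    for label, rules in [("as posted", ruleset()),
                         ("'quick' on former", ruleset(first_quick=True)),
                         ("'log' on latter", ruleset(second_log=True))]:
        rule, logged = evaluate(rules, PKT)
        print(f"{label}: logged={logged}, decided by: {rule.text}")
```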
