atar wrote on 06/16/2016 13:38:
atar wrote on 06/16/2016 09:15:

Can you give me any hint how to cause PF to redirect all the traffic through 
the squid proxy? I'm pretty new to them both (PF and squid).

You can find basic config here
http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf

Squid can be installed from ports / packages
http://www.freshports.org/www/squid/

Miroslav Lachman

Hi and thanks for your willingness to help.

Unfortunately, I didn't succeed in redirecting the network traffic through the 
squid server.

I've put the following line in my pf.conf:

rdr pass inet proto tcp from any to any -> 127.0.0.1 port 3128

since the squid server is listening on port 3128, but the traffic isn't going 
through it.

I've also verified that no traffic is redirected to port 3128 by running the 
command: nc -l 3128.

I've no idea what is wrong here.

Are you trying to block traffic originating on the machine with PF and Squid, or is this machine a firewall for a LAN?

I think you need to add port www (or port {80, 443}) to your rdr rule and also specify on which interface you want to do this translation. If you need to filter traffic from your LAN to the outside world you need to specify the LAN interface.

Something like this

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state


More resources can be found here

http://serverfault.com/questions/490926/freebsd-pf-squid-transparent
http://www.benzedrine.ch/transquid.html
https://forums.freebsd.org/threads/10874/

Miroslav Lachman
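
The rules suggested above, placed in a minimal pf.conf next to the rule from the question. This is an added example, not part of the original messages; the interface names em0 and em1 and the Squid `http_port` line in the comments are assumptions.

```conf
# /etc/pf.conf (added illustration, not from the thread)

# Macros used by the rules below. Interface names are assumptions.
ext_if = "em0"   # assumed: interface facing the Internet
int_if = "em1"   # assumed: interface facing the LAN

# Rule from the question, kept as a comment for comparison.
# It names no interface and no destination port, so it would apply to
# every inbound TCP connection (SSH, mail, ...) rather than web traffic only:
#   rdr pass inet proto tcp from any to any -> 127.0.0.1 port 3128

# Translation rules must appear before filter rules in pf.conf.
# rdr is evaluated on packets arriving on an interface, so connections
# opened by this host itself are not redirected by this rule.
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

# Filtering sees the packet after translation, so the inbound rule matches
# the rewritten destination (127.0.0.1:3128), not the original web server.
pass in  on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state

# Squid's own outbound requests to the origin servers.
pass out on $ext_if inet proto tcp from any to any port www keep state

# Squid side (squid.conf), assumed here and not shown in the thread:
# the listening port has to be marked for intercepted traffic, e.g.
#   http_port 3128 intercept
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and after loading, `pfctl -sn` lists the active rdr rules so you can confirm the redirect is in place.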