> atar wrote on 06/16/2016 13:38: >>> atar wrote on 06/16/2016 09:15: > >>>> Can you give me any hint how to cause PF to redirect all the traffic >>>> through the squid proxy? I'm pretty new in them both (PF and squid). >>> >>> You can find basic config here >>> http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf >>> >>> Squid can be installed from ports / packages >>> http://www.freshports.org/www/squid/ >>> >>> Miroslav Lachman >> >> Hi and thanks for your willing to help. >> >> Unfortunately, I didn't succeed to redirect the network traffic through the >> squid server. >> >> I've putted the following line in my pf.conf: >> >> rdr pass inet proto tcp from any to any -> 127.0.0.1 port 3128 >> >> since the squid server is listening on port 3128, but the traffic isn't >> going through it. >> >> I've also verified that no traffic is redirected to port 3128 by running the >> command: nc -l 3128. >> >> I've no idea what is wrong here. > > Are you trying to block traffic originating on machine with PF and Squid or > is this machine firewall for LAN? > > I think you need to add port www (or port {80, 443}) to your rdr rule and > also specify on which interface you want to do this translation. If you need > to filter traffic from your LAN to outside world you need to specify LAN > interface. > > Something like this > > rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128 > > pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state > pass out on $ext_if inet proto tcp from any to any port www keep state > > > More resources can be found here > > http://serverfault.com/questions/490926/freebsd-pf-squid-transparent > http://www.benzedrine.ch/transquid.html > https://forums.freebsd.org/threads/10874/ > > Miroslav Lachman
I'm trying to block traffic originating on machine with PF and Squid. The FreeBSD machine resides inside a VirtualBox machine if it matters. Unfortunately, your suggestion didn't cause it to work... _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
