On 5/18/05, Tomas Quintero <[EMAIL PROTECTED]> wrote: > I use PF myself.
I've disabled my ipfw and natd stuff in rc.conf. Trying only with pf now. I'm still having problems getting this to work. Most sites I go to fail to load, google.com for example. Other sites, the HTML loads but not the images, slashdot.org for example. See anything wrong with my conf files ? squid.conf: acl all src 0.0.0.0/0.0.0.0 acl our_networks src 10.0.0.0/8 acl to_localhost dst 127.0.0.0/8 http_port 127.0.0.1:3128 http_access deny to_localhost http_access allow our_networks visible_hostname gateway.localdomain httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on pf.conf: ext_if="dc0" int_if="dc1" internal_net="10.0.0.0/8" external_addr="24.159.59.97" rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128 pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state pass out on $ext_if inet proto tcp from any to any port www keep state my pf setting from rc.conf: pf_enable="YES" pf_rules="/etc/pf.conf" pf_flags="" pflog_enable="YES" pflog_logfile="/var/log/pflog" pflog_flags="" gateway_enable="YES" With these settings I have no NAT and most of the sites I try I can't reach, it acts lik eI'm trying to access a broekn DNS server or something. I have a local DNS server 10.0.0.2 that works fine with my old ipfw setup. I read in the pf docs that gateway_enable="YES" activates a pf NAT or something to that effect. Is there more to do? Seems I have _something_ working, but it's not working 100% yet. Or better yet does anyone have a transparent proxy setup they might share their conf files from with me? I'll do the diff :) Thanks, -- Greg Donald Zend Certified Engineer http://destiney.com/ _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"