Hi, I've been trying to get my rules running for my transparent Squid running on port 3129. My NAT is working fine; even when I'm not using Squid, the internal network can browse the internet. The problem is with the match rules for Squid. I'm referring to http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf, which says to use divert-to on match rules, but when I test, there's an error saying 'divert is not supported on match rules'. Is there any mistake?
My rules:

int_if="em1"
ext_if="em0"
tcp_services="{ 22 }"
icmp_types="echoreq"

set block-policy return
set loginterface egress
set skip on lo

anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to port 21 divert-to 127.0.0.1 port 8021

match out on egress inet from !(egress:network) to any nat-to (egress:0)
*match in inet proto tcp from $int_if to any port 80 divert-to 192.168.1.124 port 3129*

block in log
pass out quick
antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services
pass in quick on $int_if
pass in quick on $ext_if
*pass in on $ext_if inet proto tcp from any to 192.168.1.124 port 80 divert-to 192.168.1.124 port 3129*
block in on ! lo0 proto tcp to port 6000:6010

p/s: I'm using Squid Cache: Version 2.7.STABLE9

Your help is appreciated :)

--
7.2-RELEASE-p6
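
An added example, not part of the original post: a small pre-load check that lists every `match` rule in a pf ruleset carrying `divert-to`, the combination the quoted error message rejects. The sample ruleset is constructed from the two starred rules above, and the function names and the simplified comment handling (any `#` starts a comment) are assumptions of this sketch.

```python
import re

# Constructed sample, modelled on the rules quoted in the post.
SAMPLE_PF_CONF = """\
int_if="em1"
match out on egress inet from !(egress:network) to any nat-to (egress:0)
match in inet proto tcp from $int_if to any port 80 \\
    divert-to 192.168.1.124 port 3129   # first starred rule
pass in on egress inet proto tcp from any to (egress) port 22
pass in on $ext_if inet proto tcp from any to 192.168.1.124 port 80 divert-to 192.168.1.124 port 3129
# match in proto tcp to port 80 divert-to 127.0.0.1 port 3129  (commented out)
"""

DIVERT_TO = re.compile(r"\bdivert-to\b")


def logical_rules(text):
    """Yield (first_line_number, rule) pairs with comments stripped and
    backslash-continued lines joined into one logical rule."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplification: ignores quoted '#'
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None


def divert_on_match(text):
    """Return the match rules that also carry divert-to."""
    return [(n, rule) for n, rule in logical_rules(text)
            if rule.split()[0] == "match" and DIVERT_TO.search(rule)]


if __name__ == "__main__":
    for lineno, rule in divert_on_match(SAMPLE_PF_CONF):
        print(f"line {lineno}: divert-to on a match rule: {rule}")
```
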