Hi,

I've been trying to get my rules running for my transparent squid running
on port 3129. My NAT is working fine; even when I'm not using squid, the
internal network can browse the internet. The problem is with the match
rules for squid. I'm referring to
http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf , which says
to use divert-to on match rules, but when I test, there's an error that says
'divert is not supported on match rules'. Is there any mistake?

My rules :

int_if="em1"
ext_if="em0"

tcp_services="{ 22 }"
icmp_types="echoreq"

set block-policy return
set loginterface egress

set skip on lo

anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to port 21 divert-to 127.0.0.1 port 8021

match out on egress inet from !(egress:network) to any nat-to (egress:0)

*match in inet proto tcp from $int_if to any port 80 divert-to 192.168.1.124 port 3129*

block in log
pass out quick

antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services

pass in quick on $int_if
pass in quick on $ext_if

*pass in on $ext_if inet proto tcp from any to 192.168.1.124 port 80 divert-to 192.168.1.124 port 3129*

block in on ! lo0 proto tcp to port 6000:6010

P.S.: I'm using Squid Cache: Version 2.7.STABLE9

Your help is appreciated :)
-- 
--
7.2-RELEASE-p6
