Re: Transparent proxy with Squid on OpenBSD 5.4

Thu, 02 Jan 2014 11:33:29 -0800 

Hello,

First I have only one line in my pf.conf and it is:
 pass in log on $int_if inet proto tcp from any \
 to port { 80, 8080 } divert-to 127.0.0.1 port 3128

Second my squid.conf has only one line and it is:
http_port 127.0.0.1:3128 intercept

In your config files you are redirecting to port 3128
and you are intercepting at port 3129.


On Thu, Jan 2, 2014 at 7:55 PM, Romain FABBRI - Alien Consulting <
romain.fab...@alienconsulting.net> wrote:

> Hi,
>
> I’m trying to do a transparent webfiltering bridge with squid.
> I’ve used the packages for 5.4 which are squid-3.3.8 and squidGuard-1.4p6
>
> Squid is working fine when the browser uses the vether0 administration
> interface of the bridge.
> I mean sites are cached and squidGuard is filtering according to my tests
> rules.
>
> But it’s not working when using the bridge as a transparent proxy (without
> specifying a proxy server).
> If someony could give me some advice that would be really helpfull.
>
> Here is my /etc/pf.conf
>
> # Macros & Tables
> ext_if="bge0"
> int_if="bge1"
>
> # Options
> set skip on lo
> set skip on {pfsync}
> set reassemble yes no-df
>
> # Redirect www to our transparent squid proxy
> pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1
> port 3128
> pass out quick from 127.0.0.1 divert-reply
>
> # Allow SSH
> pass quick inet proto tcp from any to 192.168.200.253 port ssh
>
> # Allow mail
> pass out quick proto tcp from $int_if to any port { 25, 143, 993, 995 }
> keep
> state
>
> # Allow Ping/Traceroute/DNS
> pass quick inet proto udp from any to any port domain
> pass quick inet proto tcp from any to any port domain flags S/SA synproxy
> state
> pass quick inet proto icmp all icmp-type { echoreq, unreach } keep state
>
> I’ve tried almost every tutorial on the net but I had no luck with any of
> them using OpenBSD 5.4 and Squid 3.3.8…
> So I’m posting to know if anybody has done this kind of configuration
> successfully.
>
> Happy New Year
> Romain
>
>
>
> In /etc/squid/squid.conf I have configured ports like that :
>
> http_port 3128
> http_port 127.0.0.1:3129 intercept

Reply via email to