On 03-01-2014 07:45, Romain FABBRI - Alien Consulting wrote:
> Thanks,
>
> I tried according to your configuration :
>
> First test using the 3128 port as a divert-to port and as a squid http_port
> with tproxy or intercept statement
> => No traffic is getting diverted by pf
>
> Second test :
>   Same test but using the 3129 port as a divert-to port
>   2 lines in squid.conf file :
>      http_port 3128
>      http_port 127.0.0.1:3129 tproxy     // I also tried with intercept too
> but no change
>
> In both tests : the web traffic (http 80) doesn't get caught by the
> divert-to directive...
> I tried to tcpdump on the lo0 interface but I got nothing.
>
> Seems like a pf problem to me...
>
> My browser accessed the internet without any restriction and without being
> cached...
>
>
Hi,

    My pf.conf also has only one line, which is the one that diverts the
relevant traffic to the squid port. My squid.conf has only one http_port
directive, which is the intercept one. If you run pfctl -sa -vv, do you see
any states created by your divert rule? It seems to me that you have
some issue with your pf rules. From what I saw, they do not specify
directions nor interfaces, which might cause you trouble. Also, your
divert rule is on your external interface; that should be done on
packets coming IN your internal interface.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
