On 03-01-2014 09:36, Romain FABBRI - Alien Consulting wrote:
> I'm now filtering on the inside interface :
>     pass in quick log on $int_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
>
> It seems that pf is diverting the web traffic since the packets are counted:
>
> pfctl -sa -vv
>    @0 pass in log quick on bge1 inet proto tcp from any to any port = 80 flags S/SA divert-to 127.0.0.1 port 3128
>       [ Evaluations: 3534      Packets: 1741      Bytes: 1788725     States: 17    ]
>       [ Inserted: uid 0 pid 8777 State Creations: 17    ]
>
> If I comment the default squid port and put the intercept statement as my
> divert-to port, like this :
>   #http_port 3128
>   http_port 127.0.0.1:3128 intercept
>
> I get :
> - lots of "ERROR: No forward-proxy ports configured." lines when I run squid
> - squidGuard is not blocking sites (that does work in non transparent mode)
>
> Maybe I get the error message because newer versions of squid require 2
> ports (in order to serve files, like icons...)
>
> I find nothing in my squid.conf that would prevent caching when
> intercepting...
> That's strange...
>
>

Well,

    My setup and the other one provided do not use a bridge. The
OpenBSD machine is the default gateway for the machines that are being
intercepted with squid. But the conf of both squid and pf is the same as
yours. It seems to me an issue with your bridge. If you could provide
its configuration it would be helpful. Also, I do not use squidguard.
First try to make squid work.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
