Romain FABBRI - Alien Consulting wrote:
> Hi,
>
> Im trying to do a transparent webfiltering bridge with squid.
> Ive used the packages for 5.4 which are squid-3.3.8 and squidGuard-1.4p6
>
> Squid is working fine when the browser uses the vether0 administration
> interface of the bridge.
> I mean sites are cached and squidGuard is filtering according to my tests
> rules.
>
> But its not working when using the bridge as a transparent proxy (without
> specifying a proxy server).
> If someony could give me some advice that would be really helpfull.
>
> Here is my /etc/pf.conf
>
> # Macros & Tables
> ext_if="bge0"
> int_if="bge1"
>
> # Options
> set skip on lo
> set skip on {pfsync}
> set reassemble yes no-df
>
> # Redirect www to our transparent squid proxy
> pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1
> port 3128
> pass out quick from 127.0.0.1 divert-reply
>
> # Allow SSH
> pass quick inet proto tcp from any to 192.168.200.253 port ssh
>
> # Allow mail
> pass out quick proto tcp from $int_if to any port { 25, 143, 993, 995 }
> keep state
>
> # Allow Ping/Traceroute/DNS
> pass quick inet proto udp from any to any port domain
> pass quick inet proto tcp from any to any port domain flags S/SA synproxy
> state
> pass quick inet proto icmp all icmp-type { echoreq, unreach } keep state
>
> Ive tried almost every tutorial on the net but I had no luck with any of
> them using OpenBSD 5.4 and Squid 3.3.8
> So Im posting to know if anybody has done this kind of configuration
> successfully.
>
> Happy New Year
> Romain
>
>
>
> In /etc/squid/squid.conf I have configured ports like that :
>
> http_port 3128
> http_port 127.0.0.1:3129 intercept
Is it possible that some of your rules are never processed, and therefore have
no effect, because of the "skip" rule on interface "lo" ?
