Romain FABBRI - Alien Consulting wrote:
> Hi,
>
> I'm trying to do a transparent webfiltering bridge with squid.
> I've used the packages for 5.4 which are squid-3.3.8 and squidGuard-1.4p6
>
> Squid is working fine when the browser uses the vether0 administration
> interface of the bridge.
> I mean sites are cached and squidGuard is filtering according to my test
> rules.
>
> But it's not working when using the bridge as a transparent proxy (without
> specifying a proxy server).
> If someone could give me some advice that would be really helpful.
>
> Here is my /etc/pf.conf
>
> # Macros & Tables
> ext_if="bge0"
> int_if="bge1"
>
> # Options
> set skip on lo
> set skip on {pfsync}
> set reassemble yes no-df
>
> # Redirect www to our transparent squid proxy
> pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
> pass out quick from 127.0.0.1 divert-reply
>
> # Allow SSH
> pass quick inet proto tcp from any to 192.168.200.253 port ssh
>
> # Allow mail
> pass out quick proto tcp from $int_if to any port { 25, 143, 993, 995 } keep state
>
> # Allow Ping/Traceroute/DNS
> pass quick inet proto udp from any to any port domain
> pass quick inet proto tcp from any to any port domain flags S/SA synproxy state
> pass quick inet proto icmp all icmp-type { echoreq, unreach } keep state
>
> I've tried almost every tutorial on the net but I had no luck with any of
> them using OpenBSD 5.4 and Squid 3.3.8
> So I'm posting to know if anybody has done this kind of configuration
> successfully.
>
> Happy New Year
> Romain
>
> In /etc/squid/squid.conf I have configured ports like that:
>
> http_port 3128
> http_port 127.0.0.1:3129 intercept
Is it possible that some of your rules are never processed, and therefore have no effect, because of the "skip" rule on interface "lo"?
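
Added example, not part of the original thread: a Python check that cross-references the divert-to target in the quoted pf.conf against the http_port lines in the quoted squid.conf, and lists the interfaces named in "set skip on". It assumes intercepted connections have to arrive on a Squid listener flagged intercept or tproxy; the function names and the embedded sample strings are constructed for this example.

```python
import re

# Constructed sample input: the relevant lines of the configuration quoted above.
PF_CONF = """\
set skip on lo
set skip on {pfsync}
pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
pass out quick from 127.0.0.1 divert-reply
"""
SQUID_CONF = """\
http_port 3128
http_port 127.0.0.1:3129 intercept
"""

def skipped_interfaces(pf_text):
    """Interfaces named in 'set skip on ...' (pf does not filter on these)."""
    found = []
    for m in re.finditer(r"^\s*set\s+skip\s+on\s+(.+)$", pf_text, re.M):
        found += re.findall(r"[\w$]+", m.group(1).split("#")[0])
    return found

def divert_targets(pf_text):
    """(address, port) pairs that divert-to rules hand connections to."""
    pat = r"^[^#\n]*\bdivert-to\s+(\S+)\s+port\s+(\d+)"
    return [(a, int(p)) for a, p in re.findall(pat, pf_text, re.M)]

def squid_listeners(squid_text):
    """Map each http_port number to the set of option words after it."""
    ports = {}
    for line in squid_text.splitlines():
        words = line.split("#")[0].split()
        if len(words) >= 2 and words[0] == "http_port":
            ports[int(words[1].rsplit(":", 1)[-1])] = set(words[2:])
    return ports

def check(pf_text, squid_text):
    """Findings for divert-to targets that miss an interception listener."""
    listeners = squid_listeners(squid_text)
    findings = []
    for addr, port in divert_targets(pf_text):
        if port not in listeners:
            findings.append(f"{addr}:{port}: no http_port listens here")
        elif not listeners[port] & {"intercept", "tproxy"}:
            findings.append(f"{addr}:{port}: http_port lacks intercept/tproxy")
    return findings

if __name__ == "__main__":
    print("skip on:", skipped_interfaces(PF_CONF))
    for finding in check(PF_CONF, SQUID_CONF):
        print("mismatch:", finding)
```

On the quoted files this reports that the divert-to target is port 3128, the plain http_port, while the listener flagged intercept is on 3129.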