Allen Theobald wrote:
> Greetings,
> 
> I get transparent proxying with squid and pf.
> 
> I get dansguardian and pf.
> 
> What I don't get is squid, dansguardian, and pf.
> 
> pf.conf fragment:
> 
>    int_if="gem0"
>    ext_if="kue0"
> 
>    # redirect to squid
>    rdr on $int_if inet proto tcp from any to any \
>            port www -> 127.0.0.1 port 3128
> 
>    ## Allow the redirected connections to pass.
>    pass in on $int_if inet proto tcp from any to 127.0.0.1 \
>            port 3128 keep state
> 
>    ## Also, the proxy must be able to establish outgoing
>    ## connections to external web servers.
>    pass out on $ext_if inet proto tcp from any to any \
>            port www keep state
> 
>    pass quick on $int_if
> 
> But now I want to put dansguardian on.  It listens on 8080, uses
> proxy port 3128. 
> 
> How do these rules change?  I think I change 3128 to 8080 in the
> above rules.  But what happens to 3128?  Do I still need a 'pass in'
> rule for 3128? 
> 
> Thanks and take care,

Short answer:  yes, change 3128 to 8080.  Nothing for 3128 if you're not
blocking connections to lo0.  Pass in if you restrict lo0.

Long(er) answer:
I found it helpful, if I wanted to route around Dans, to use the
'internal_pass' table, and there were certain sites that just didn't like
squid, so I use the oksites table.  But those are optional.  You'll
just need to watch your rules to the lo0 interface (skip or pass quick).
(The tun0 interface is for OpenVPN connections, as I like the adzapping
that adzapper performs - http://adzapper.sourceforge.net/)

# Dan's Guardian
rdr on $int_if proto tcp from ! <internal_pass> to ! <oksites> port 80 \
        -> 127.0.0.1 port 8080
rdr on tun0 proto tcp from ! <internal_pass> to ! <oksites> port 80 \
        -> 127.0.0.1 port 8080

-Steve S.
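
The change discussed in this thread, put together as one pf.conf fragment. This is an added example, not part of either post; it keeps the thread's old-style rdr syntax and interface names, and the table addresses are constructed placeholders.

```pf
# Added example (not from the original posts).
int_if = "gem0"
ext_if = "kue0"

# Constructed sample addresses (assumptions, replace with your own):
#   <internal_pass>  clients that should bypass the filter
#   <oksites>        destinations that do not work through squid
table <internal_pass> { 192.168.1.10 }
table <oksites>       { 203.0.113.25 }

# dansguardian (8080) hands requests to squid (3128) over loopback.
# Skipping lo0 means no separate 'pass in' rule is needed for 3128.
set skip on lo0

# Redirect LAN web traffic to dansguardian instead of straight to squid.
rdr on $int_if inet proto tcp from ! <internal_pass> to ! <oksites> \
        port www -> 127.0.0.1 port 8080

# Allow the redirected connections to reach dansguardian.
pass in on $int_if inet proto tcp from any to 127.0.0.1 \
        port 8080 keep state

# squid must still be able to fetch from external web servers.
pass out on $ext_if inet proto tcp from any to any \
        port www keep state
```

If lo0 is filtered instead of skipped, a pass rule on lo0 for 127.0.0.1 port 3128 is needed so dansguardian can reach squid.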
