List,

I am having some issues while redirecting traffic to port 80 on the $squid_server.

I have this server serving two purposes: apache web server and squid server. I can definitely get to the PROXY services fine but cannot get to the WWW (port 80) on the same server.

Another issue is that when I try to actively look at the pflog by running "tcpdump -n -e -ttt -i pflog0 " , I don't get anything even when the traffic is passing and/or getting blocked.

Any help is highly appreciated.

thx.


For this I have the following pf config:


ext_if="sk0"
int_if="gem0"
pf_log="pflog0"
set skip on enc0
set skip on gre0

external_ip="70.40.22.17"
external_ips="{70.40.22.17 70.40.22.18 70.40.22.19}"
external_net="{70.40.22.17 70.40.22.18 70.40.22.19}"


internal_ip="172.16.10.10"
internal_networks="{172.16.10.0/24 172.16.100.0/24 172.16.200.0/24}"

webby_ip="70.40.22.18"
webby_server="172.16.10.11"

squid_ip="70.40.22.19"
squid_server="172.16.10.12"

# block_ip="70.40.22.20"
block_server="172.16.10.12"

######TABLES########
table <bruteforce> persist
table <kiddies> persist

#### OPTIONS #####
set loginterface $ext_if
set loginterface $int_if
scrub in

#### NAT/REDIRECTS ####

nat on $ext_if from !($ext_if) to any -> ($ext_if:0)

# rdr pass on $ext_if proto tcp from any to $block_ip port 80 -> $squid_server port 80
rdr pass on $ext_if proto tcp from any to $webby_ip port 80 -> $webby_server port 80
rdr pass on $ext_if proto tcp from any to $webby_ip port 443 -> $webby_server port 443
rdr pass on $ext_if proto tcp from any to $squid_ip port 3128 -> $squid_server port 3128
rdr pass on $ext_if proto tcp from any to $squid_ip port 80 -> $squid_server port 80

###### FILTERS #####
block log quick from <bruteforce>
block log quick from <kiddies>
block in log on $pf_log


# pass in quick on $int_if
pass out keep state

pass in on $ext_if proto icmp from any to $external_ip keep state
pass in on $ext_if proto tcp from any to $external_ip port ssh keep state
pass in on $ext_if proto tcp from any to $webby_ip port 80 keep state
pass in on $ext_if proto tcp from any to $webby_ip port 443 keep state
pass in log (all, to $pf_log) on $ext_if proto tcp from any to $squid_ip port 3128 keep state
pass in on $ext_if proto tcp from any to $squid_ip port 80 keep state
# pass in on $ext_if proto tcp from any to $block_ip port 80 keep state
pass in on $ext_if proto tcp from any to $external_ips port 22 keep state
pass inet proto tcp from any to $external_net port 22 flags S/SA keep state (max-src-conn 25, max-src-conn-rate 15/5, overload <bruteforce> flush global)
# block in quick on $ext_if

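The pflog0 symptom is explained by the ruleset itself: `block in log on $pf_log` uses `on` as an interface clause, so that rule only applies to packets arriving on the pflog0 interface and never matches real traffic, and because pf's default policy is pass, the ruleset ends up with no default inbound block on sk0 at all (only the table-based blocks and the logged 3128 rule write to pflog0). A second `set loginterface` also replaces the first rather than adding to it. The fragment below is an added example, not the poster's configuration; it assumes the same macros and the same pre-4.7 `nat`/`rdr` pf syntax the posted config uses, and shows only the logging and default-policy lines that need to change.

```pf
# Added example (not from the original post): corrected logging/default-policy
# lines for the ruleset above. Assumes OpenBSD pf with pre-4.7 nat/rdr syntax
# and the same macro names as the posted config.

ext_if="sk0"
int_if="gem0"
pf_log="pflog0"
squid_ip="70.40.22.19"

# pf keeps a single loginterface; a later 'set loginterface' overrides an
# earlier one, so the posted config only collected counters for gem0.
set loginterface $ext_if

# Default inbound policy, logged. No 'on' clause: 'on $pf_log' would restrict
# the rule to packets seen on pflog0 itself, which is why nothing was logged.
block in log

# Logging to a specific pflog interface belongs in the log options, not in
# the interface clause. 'all' logs every packet of the state, not just the
# first one.
pass in log (all, to $pf_log) on $ext_if proto tcp from any to $squid_ip port 3128 keep state
```

Check the result with `pfctl -nf /etc/pf.conf` (parse only), load it, then `pfctl -vvsr` to see per-rule counters and `pfctl -s nat` to confirm the rdr rules are active; `tcpdump -n -e -ttt -i pflog0` will then show the blocked packets as well as the logged 3128 sessions. For the port-80 question, the rdr to $squid_server port 80 has the same shape as the working 3128 rule, so the next things to verify are `pfctl -s state` while a connection attempt is in flight and what is actually bound to port 80 on 172.16.10.12.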