Stuart Henderson wrote:
On 2008-12-30, Giancarlo Razzolini <linux-...@onda.com.br> wrote:
fRANz wrote:
Hi.

I've some trouble with this configuration:

LAN -- fw (openbsd 4.4) -- adsl router

LAN: 192.168.100.0/24
fw int if: sis1
fw int addr: 192.168.100.2
fw ext if: sis0
fw ext addr: 10.0.0.2
router int addr: 10.0.0.1

I'm trying to configure pf to redirect all web traffic from the internal LAN to
an internal squid server (192.168.100.8), but rdr doesn't work.
Right now the clients work _without_ the proxy; when I enable this rule:

Create a new entry in inetd.conf, much like the one in the pf FAQ:

127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w 20 192.168.100.8 3128

Restart inetd and then, instead of writing an rdr rule that redirects the traffic to the squid server, redirect it to the port inetd is listening on. netcat will then open a connection to your squid server and everything should work:

rdr pass on $int_if inet proto tcp from any to port www -> 127.0.0.1 port 5000

the rdr+nat rule combination from the same faq page is slightly less
insane for this use, but it still means you lose IP addresses from the
squid logs, which you might not want to lose.

it's better to put the squid on a different network interface + subnet.


There is this downside, well noted. But with some simple tricks you can also keep a log on the firewall of the pages people are accessing. But just a question: why not put the squid proxy on the firewall itself?

My regards,

--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

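Added example, not written by any of the posters above: a pf.conf for OpenBSD 4.4 (pre-4.7 rdr/nat syntax) that puts the three options discussed in the thread side by side, using the interface names and addresses from fRANz's mail. The plain rdr that fails, the pf FAQ rdr+nat combination that works but hides client addresses from squid, and the separate-subnet layout Stuart recommends. The third interface sis2, the 192.168.200.0/24 subnet and the squid address on it are assumptions made for the illustration, as is a squid configured for transparent interception on port 3128.

```pf
# /etc/pf.conf, OpenBSD 4.4 syntax. Added example for the thread above;
# sis2 / 192.168.200.0/24 and the squid addresses are assumed values.
ext_if  = "sis0"
int_if  = "sis1"
int_net = "192.168.100.0/24"
squid   = "192.168.100.8"        # squid on the same LAN as the clients

# --- Variant A: what fRANz tried (left commented out, it does not work) ---
# The SYN is rewritten to $squid:3128, but squid's SYN/ACK goes straight
# back to the client on the same subnet. The client sees a reply from
# 192.168.100.8 for a connection it opened to some web server and resets it.
# rdr on $int_if inet proto tcp from $int_net to any port www -> $squid port 3128

# --- Variant B: pf FAQ rdr+nat combination (active) ---
# Exempt squid's own outbound HTTP first, or it is redirected back to itself.
no rdr on $int_if inet proto tcp from $squid to any port www
rdr on $int_if inet proto tcp from $int_net to any port www -> $squid port 3128
# NAT the client source to the firewall's LAN address so squid answers the
# firewall, which reverses both translations. Cost: squid logs 192.168.100.2
# for every client. Giancarlo's inetd+nc trick has the same cost, because
# nc opens its own connection from the firewall.
nat on $int_if inet proto tcp from $int_net to $squid port 3128 -> $int_if

# Filter rules see the translated addresses. "log" records client and
# destination addresses to pflog0 (not URLs), which is as much as pf can
# log on the firewall.
pass in log on $int_if inet proto tcp from $int_net to $squid port 3128
pass out on $int_if inet proto tcp from $int_if to $squid port 3128

# --- Variant C: squid on its own interface and subnet (Stuart's advice) ---
# Swap in these definitions and drop the nat rule and the "no rdr" above.
# Replies from squid must cross the firewall to reach the client, so a plain
# rdr works and squid's access log shows the real client addresses.
# dmz_if = "sis2"                # assumed third interface
# squid  = "192.168.200.8"       # assumed address on the separate subnet
# rdr on $int_if inet proto tcp from $int_net to any port www -> $squid port 3128
# pass in log on $int_if inet proto tcp from $int_net to $squid port 3128
# pass out on $dmz_if inet proto tcp from $int_net to $squid port 3128
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. In variants B and C the redirect still catches the firewall's own web traffic only if it enters on sis1, so a squid or package fetch from the firewall itself is unaffected; if squid is moved onto the firewall, as Giancarlo suggests, the rdr target becomes 127.0.0.1 port 3128 and neither the nat rule nor the separate subnet is needed, and squid sees the real client addresses.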