On Wed, Dec 04, 2002 at 02:24:10PM -0500, Todd Chandler wrote:

> We are experimenting with OpenBSD and have an issue that we haven't been 
> able to figure out.  We would like to force all outbound http and https 
> traffic to a proxy server for content filtering before it leaves our 
> network.  How do we configure PF to force all http and https traffic to 
> go to the proxy server?  The proxy server and client machines are 
> located on the same internal subnet.  We simply want http and https 
> traffic to pass through only after it has been sent through the proxy. 

See '6.3.3 Nat Knowledge Base', section 'Redirection and reflection' in
the FAQ (http://www.openbsd.org/faq/faq6.html#NAT) for an explanation of
such setups.

If you can add a third network interface and connect the proxy server
there, the redirection is straightforward. You'd just add rdr rules for
the internal interface (clients' network) to redirect connections with
destination port 80/443 to the proxy server. Connections of the proxy
server to the external servers wouldn't get redirected, then.

Daniel
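
The three-interface setup described in the reply above, written out as a pf.conf fragment. This is an added example, not part of the original message. It uses the standalone rdr rule form the message refers to (current pf releases express the same thing with rdr-to on pass rules); the interface names, addresses and proxy listening ports are assumptions.

```conf
# Constructed example: interface names, addresses and ports are assumptions.
int_if     = "fxp1"            # internal interface (clients' network)
dmz_if     = "fxp2"            # third interface, proxy server only
int_net    = "192.168.1.0/24"  # clients' subnet
proxy      = "192.168.2.10"    # proxy server on the third interface
http_port  = "3128"            # where the proxy accepts redirected HTTP
https_port = "3129"            # where the proxy accepts redirected HTTPS

# Translation rules come before the filter rules.
# They are bound to the internal interface only, so the proxy's own
# connections, which arrive on $dmz_if, are never redirected.
rdr on $int_if proto tcp from $int_net to any port 80  -> $proxy port $http_port
rdr on $int_if proto tcp from $int_net to any port 443 -> $proxy port $https_port

# Filter rules see the destination after redirection. The last matching
# rule wins, so the block comes first and the passes override it.

# Web traffic on the internal interface that was not rewritten by the
# rdr rules above (for example, a source outside $int_net) is dropped.
block in on $int_if proto tcp from any to any port { 80, 443 }

# Redirected client connections are allowed through to the proxy.
pass in  on $int_if proto tcp from $int_net to $proxy \
        port { $http_port, $https_port } keep state
pass out on $dmz_if proto tcp from $int_net to $proxy \
        port { $http_port, $https_port } keep state

# Only the proxy may open web connections toward external servers.
pass in on $dmz_if proto tcp from $proxy to any port { 80, 443 } keep state
```

After loading the ruleset, `pfctl -s nat` lists the active rdr rules and `pfctl -s state` shows whether client connections are landing on the proxy address.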
