On Thu, Dec 21, 2006 at 03:29:51PM +0200, Dominik Zalewski wrote:

> On Thursday 21 December 2006 15:04, Peter N. M. Hansteen wrote:
> > Dominik Zalewski <[EMAIL PROTECTED]> writes:
> > > I have an OpenBSD 4.0 firewall and I would like to redirect all outgoing
> > > http requests to my squid web proxy.
> >
> > Daniel Hartmeier wrote about this a while back, his article can be found at
> > http://www.benzedrine.cx/transquid.html
>
> In this article squid is running on the same machine as the OpenBSD firewall. In
> my case I have squid running on a different machine connected to the LAN interface.
> My question is: can I redirect traffic on $int_if to another machine connected
> to the same interface? Is this rule correct?
>
> rdr pass on $int_if proto tcp from any to any port 80 -> $squid port 8080
>
> pfctl doesn't complain about anything but it simply doesn't work.
This is reflecting a connection back to the same interface. The squid proxy
tries to reply to the sender, bypassing the firewall. The sender resets the
connection since it did not send a packet to the proxy in the first place.

This is all discussed in the pf guide:

http://www.openbsd.org/faq/pf/rdr.html#reflect

with different ways to solve it.

Can
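The reflection fix from that FAQ section, written out as an added example for this thread (not text from the FAQ or from either poster), in OpenBSD 4.0-era pf.conf syntax (rdr/nat rules, before the 4.7 ruleset rewrite); the interface name and addresses are constructed placeholders:

```pf
# Added example, OpenBSD 4.0-era syntax. Interface and addresses are constructed.
int_if  = "dc0"
int_net = "192.168.1.0/24"
squid   = "192.168.1.20"

# Squid's own outbound port 80 fetches must not be redirected back to itself.
no rdr on $int_if proto tcp from $squid to any port 80

# The rule from the thread, limited to the LAN. On its own it is not enough:
# pf rewrites the destination to $squid:8080, but the packet still carries the
# client's source address, so squid answers the client directly on the same
# LAN. The client never opened a connection to $squid:8080 and sends a RST.
rdr on $int_if proto tcp from $int_net to any port 80 -> $squid port 8080

# Fix: also source-NAT the redirected flow to the firewall's own address on
# $int_if. Squid then replies to the firewall, which reverses both
# translations before the reply reaches the client.
nat on $int_if proto tcp from $int_net to $squid port 8080 -> $int_if

# Filter rules see the translated packets; 4.0 does not keep state by default.
pass in  on $int_if proto tcp from $int_net to $squid port 8080 keep state
pass out on $int_if proto tcp from $int_if  to $squid port 8080 keep state
```

The cost of this approach is that squid sees every client as $int_if, so per-client entries in its access log and client-address ACLs no longer work; the FAQ's other options, such as moving the proxy onto its own firewall segment, avoid that.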