In my personal setup to prevent data leakage I'd leave the internal
adapters bridged then remove the external adapter from the bridge, then
for IPv4 you can just do standard natting for anything that needs to
leave the network but doesn't need to hit the proxy using the rdr-to
rules, then IPv6
know forwarding requires 2 networks
From: carlos albino garcia grijalba [mailto:genesi...@hotmail.com]
Sent: Thursday, 9 January 2014 07:16
To: Romain FABBRI - Alien Consulting; grazzol...@gmail.com; 'Cremator'
Cc: 'Misc OpenBSD'
Subject: RE: Transparent proxy with Squid on OpenBSD 5.4
ok
On 09-01-2014 08:13, Romain FABBRI - Alien Consulting wrote:
In this topology :
Computers = Switch = Webfiltering bridge =
Router = Internet
Without a bridge, a system with 2 network cards won't let :
- data from the Computers going to the Router.
-
I agree with Giancarlo: why do you need the bridge function? For transparent
proxy you don't need the bridge
From: romain.fab...@alienconsulting.net
To: grazzol...@gmail.com; cremator.li...@gmail.com
CC: misc@openbsd.org
Subject: Re: Transparent proxy with Squid on OpenBSD 5.4
Date: Fri, 3 Jan
: Romain FABBRI - Alien Consulting; grazzol...@gmail.com; 'Cremator'
Cc: 'Misc OpenBSD'
Subject: Re: Transparent proxy with Squid on OpenBSD 5.4
I agree with Giancarlo: why do you need the bridge function? For transparent
proxy you don't need the bridge
From: romain.fab...@alienconsulting.net
To: grazzol
: misc@openbsd.org
Subject: RE: Transparent proxy with Squid on OpenBSD 5.4
Date: Thu, 9 Jan 2014 00:18:43 +0100
In fact here is the topology I had in mind :
Computers = Switch = Webfiltering bridge = Router = Internet
Since I want my system to do both :
- the bridge role
- webfiltering
: Transparent proxy with Squid on OpenBSD 5.4
Hello,
First I have only one line in my pf.conf and it is:
pass in log on $int_if inet proto tcp from any \
to port { 80, 8080 } divert-to 127.0.0.1 port 3128
Second my squid.conf has only one line and it is:
http_port 127.0.0.1:3128 intercept
On 03-01-2014 07:45, Romain FABBRI - Alien Consulting wrote:
Thanks,
I tried according to your configuration :
First test using the 3128 port as a divert-to port and as a squid http_port
with tproxy or intercept statement
= No traffic is getting diverted by pf
Second test :
Same
: 'Misc OpenBSD'
Subject: Re: Transparent proxy with Squid on OpenBSD 5.4
On 03-01-2014 07:45, Romain FABBRI - Alien Consulting wrote:
Thanks,
I tried according to your configuration :
First test using the 3128 port as a divert-to port and as a squid
http_port with tproxy or intercept
[mailto:grazzol...@gmail.com]
Sent: Friday, 3 January 2014 11:28
To: Romain FABBRI - Alien Consulting; 'Cremator'
Cc: 'Misc OpenBSD'
Subject: Re: Transparent proxy with Squid on OpenBSD 5.4
On 03-01-2014 07:45, Romain FABBRI - Alien Consulting wrote:
Thanks,
I tried according to your
On 03-01-2014 09:36, Romain FABBRI - Alien Consulting wrote:
I'm now filtering on the inside interface :
pass in quick log on $int_if inet proto tcp to port 80 divert-to
127.0.0.1 port 3128
It seems that pf is diverting the web traffic since the packets are counted:
pfctl -sa -vv
Romain FABBRI - Alien Consulting wrote:
Hi,
I'm trying to do a transparent webfiltering bridge with squid.
I've used the packages for 5.4 which are squid-3.3.8 and squidGuard-1.4p6
Squid is working fine when the browser uses the vether0 administration
interface of the bridge.
I mean
January 2014 17:46
To: Romain FABBRI - Alien Consulting
Cc: misc@openbsd.org
Subject: Re: Transparent proxy with Squid on OpenBSD 5.4
Romain FABBRI - Alien Consulting wrote:
Hi,
I'm trying to do a transparent webfiltering bridge with squid.
I've used the packages for 5.4 which are squid-3.3.8
I didn't investigate the bridge in itself since it seems to be working as a
bridge...
#===
# Bridge configuration
#===
#vi /etc/hostname.bge0
up
#vi /etc/hostname.bge1
up
#vi /etc/hostname.vether0
inet 192.168.200.253 255.255.255.0
Hi,
I'm trying to do a transparent webfiltering bridge with squid.
I've used the packages for 5.4 which are squid-3.3.8 and squidGuard-1.4p6
Squid is working fine when the browser uses the vether0 administration
interface of the bridge.
I mean sites are cached and squidGuard is filtering
Hello,
First I have only one line in my pf.conf and it is:
pass in log on $int_if inet proto tcp from any \
to port { 80, 8080 } divert-to 127.0.0.1 port 3128
Second my squid.conf has only one line and it is:
http_port 127.0.0.1:3128 intercept
In your config files you are redirecting to port