Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-11 Thread Jason Barbier
In my personal setup, to prevent data leakage I'd leave the internal adapters bridged then remove the external adapter from the bridge, then for IPv4 you can just do standard natting for anything that needs to leave the network but doesn't need to hit the proxy using the rdr-to rules, then IPv6

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-09 Thread Romain FABBRI - Alien Consulting
know forwarding requires 2 networks From: carlos albino garcia grijalba [mailto:genesi...@hotmail.com] Sent: Thursday 9 January 2014 07:16 To: Romain FABBRI - Alien Consulting; grazzol...@gmail.com; 'Cremator' Cc: 'Misc OpenBSD' Subject: RE: Transparent proxy with Squid on OpenBSD 5.4 ok

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-09 Thread Giancarlo Razzolini
On 09-01-2014 08:13, Romain FABBRI - Alien Consulting wrote: In this topology : Computers = Switch = Webfiltering bridge = Router = Internet Without a bridge, a system with 2 network cards won't let : - data from the Computers going to the Router. -

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-08 Thread carlos albino garcia grijalba
I agree with Giancarlo, why do you need the bridge function? For transparent proxy you don't need the bridge From: romain.fab...@alienconsulting.net To: grazzol...@gmail.com; cremator.li...@gmail.com CC: misc@openbsd.org Subject: Re: Transparent proxy with Squid on OpenBSD 5.4 Date: Fri, 3 Jan

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-08 Thread Romain FABBRI - Alien Consulting
 : Romain FABBRI - Alien Consulting; grazzol...@gmail.com; 'Cremator' Cc: 'Misc OpenBSD' Subject: Re: Transparent proxy with Squid on OpenBSD 5.4 I agree with Giancarlo, why do you need the bridge function? For transparent proxy you don't need the bridge From: romain.fab...@alienconsulting.net To: grazzol

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-08 Thread carlos albino garcia grijalba
: misc@openbsd.org Subject: RE: Transparent proxy with Squid on OpenBSD 5.4 Date: Thu, 9 Jan 2014 00:18:43 +0100 In fact here is the topology I had in mind : Computers = Switch = Webfiltering bridge = Router = Internet Since I want my system to do both : - the bridge role - webfiltering

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-03 Thread Romain FABBRI - Alien Consulting
: Transparent proxy with Squid on OpenBSD 5.4 Hello, First I have only one line in my pf.conf and it is: pass in log on $int_if inet proto tcp from any \ to port { 80, 8080 } divert-to 127.0.0.1 port 3128 Second my squid.conf has only one line and it is: http_port 127.0.0.1:3128 intercept

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-03 Thread Giancarlo Razzolini
On 03-01-2014 07:45, Romain FABBRI - Alien Consulting wrote: Thanks, I tried according to your configuration : First test using the 3128 port as a divert-to port and as a squid http_port with tproxy or intercept statement = No traffic is getting diverted by pf Second test : Same

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-03 Thread Romain FABBRI - Alien Consulting
 : 'Misc OpenBSD' Subject: Re: Transparent proxy with Squid on OpenBSD 5.4 On 03-01-2014 07:45, Romain FABBRI - Alien Consulting wrote: Thanks, I tried according to your configuration : First test using the 3128 port as a divert-to port and as a squid http_port with tproxy or intercept

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-03 Thread Romain FABBRI - Alien Consulting
[mailto:grazzol...@gmail.com] Sent: Friday 3 January 2014 11:28 To: Romain FABBRI - Alien Consulting; 'Cremator' Cc: 'Misc OpenBSD' Subject: Re: Transparent proxy with Squid on OpenBSD 5.4 On 03-01-2014 07:45, Romain FABBRI - Alien Consulting wrote: Thanks, I tried according to your

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-03 Thread Giancarlo Razzolini
On 03-01-2014 09:36, Romain FABBRI - Alien Consulting wrote: I'm now filtering on the inside interface : pass in quick log on $int_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128 It seems that pf is diverting the web traffic since the packets are counted : pfctl -sa -vv

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-03 Thread Remco
Romain FABBRI - Alien Consulting wrote: Hi, I’m trying to do a transparent webfiltering bridge with squid. I’ve used the packages for 5.4 which are squid-3.3.8 and squidGuard-1.4p6 Squid is working fine when the browser uses the vether0 administration interface of the bridge. I mean

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-03 Thread Romain FABBRI - Alien Consulting
January 2014 17:46 To: Romain FABBRI - Alien Consulting Cc: misc@openbsd.org Subject: Re: Transparent proxy with Squid on OpenBSD 5.4 Romain FABBRI - Alien Consulting wrote: Hi, I’m trying to do a transparent webfiltering bridge with squid. I’ve used the packages for 5.4 which are squid-3.3.8

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-03 Thread Romain FABBRI - Alien Consulting
I didn't investigate the bridge in itself since it seems to be working as a bridge... #=== # Bridge configuration #=== #vi /etc/hostname.bge0 up #vi /etc/hostname.bge1 up #vi /etc/hostname.vether0 inet 192.168.200.253 255.255.255.0

Transparent proxy with Squid on OpenBSD 5.4

2014-01-02 Thread Romain FABBRI - Alien Consulting
Hi, I’m trying to do a transparent webfiltering bridge with squid. I’ve used the packages for 5.4 which are squid-3.3.8 and squidGuard-1.4p6 Squid is working fine when the browser uses the vether0 administration interface of the bridge. I mean sites are cached and squidGuard is filtering

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-02 Thread Cremator
Hello, First I have only one line in my pf.conf and it is: pass in log on $int_if inet proto tcp from any \ to port { 80, 8080 } divert-to 127.0.0.1 port 3128 Second my squid.conf has only one line and it is: http_port 127.0.0.1:3128 intercept In your config files you are redirecting to port