Here is what I do:

$Int is my internal interface
$SQUIDBOXIP is just the IP of the squid server
$Lan is my LAN - 10.1.1.0/24

no rdr on $Int from $SQUIDBOXIP to any port 80
rdr on $Int inet proto tcp from $Lan to any port 80 -> $SQUIDBOXIP port 3128

So all port 80 requests from the LAN get redirected by the OpenBSD firewall to the squid box, except requests from the squid box itself. I first tried what you had and also found it didn't work, although it seems logical.

On Monday 17 February 2003 15:22, Robert Collins wrote:
> On Mon, 2003-02-17 at 13:46, Steve Keate wrote:
> > rdr proto tcp from ! 192.168.250.198 to any port 80 -> 192.168.250.198
> > port 8080
>
> This rule rewrites the TCP header as well as forwarding it to the squid
> box. This means squid can't tell that it was an intercepted request.
>
> I don't know if there is a pf rule to redirect the packet without
> rewriting the TCP header, but that's what you'll need - that or implement
> a WCCP router-end in pf.
>
> Rob

--
Chad Whitten
Network/Systems Administrator
neXband Communications
[EMAIL PROTECTED]
601-944-4801