On Thursday 28 July 2005 14:47, Giovanni P. Tirloni wrote:
> Hello,
>
> I've deployed dozens of gateways with transparent HTTP proxy but this
> time it isn't working and I suspect pf is somehow involved in this.
> Packets aren't being redirected anywhere. I've disabled filtering
> totally to debug this.
>
> I've a rule to redirect every connection attempt to port 80 to
> 127.0.0.1 port 3128:
>
> rdr on $lan_if proto tcp from { $lan_net } to any port 80 -> 127.0.0.1 port 3128
>
> In squid.conf I've enabled this:
>
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> The rdr rule is being matched and with tcpdump I see packets coming
> into the $lan_if but nothing gets to $ext_if or loopback. They simply
> disappear (and the originating machine doesn't get an answer back).
>
> Running tcpdump on pflog0 doesn't show anything either (as expected
> since there's no filter rule).
>
> This was happening on 5.3-STABLE and I updated the system to
> 5.4-STABLE this week. Both $int_if and $ext_if are vr interfaces.
>
> Weird enough.. this works on every other box except this and another
> one. And nothing fixes it.
>
> Any way to debug this? I've run out of ideas.

One thing comes to my mind: What does $sysctl net.inet.ip.forwarding say?

> Thanks in advance,

--
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News