On 7/31/05, Giovanni P. Tirloni <[EMAIL PROTECTED]> wrote:
> Abu Khaled wrote:
> > On 7/30/05, Giovanni P. Tirloni <[EMAIL PROTECTED]> wrote:
> >
> >>Giovanni P. Tirloni wrote:
> >>
> >>>Max Laier wrote:
> >>>
> >>>>One thing comes to my mind: What does
> >>>> $ sysctl net.inet.ip.forwarding
> >>>>say?
> >>>
> >>># sysctl net.inet.ip.forwarding
> >>>net.inet.ip.forwarding: 1
> >>>
> >>>I had some tweaks in /etc/sysctl but disabling them didn't help either.
> >>>
> >>>#net.inet.ip.check_interface=1
> >>>#net.inet.tcp.blackhole=2
> >>>#net.inet.udp.blackhole=1
> >>>
> >>
> >> I forgot to mention this box had ipfw+dummynet (with two queues)
> >>activated. I disabled ipfw in the kernel and pf rdr worked again! Just
> >>removing the ipfw rules didn't work.
> >>
> >> Weird enough, I don't have dummynet on the other 2 machines that have
> >>the same problem. But ipfw is compiled in but disabled.
> >>
> >> I'll try to disable ipfw on the other boxes and see what happens there
> >>to confirm this.
> >
> > If ipfw is compiled in the kernel and it defaults to deny all, then
> > you need to add rules for ipfw to allow connections to and from
> > localhost (127.0.0.1 and port 3128). Otherwise ipfw will drop 'pf rdr
> > traffic'.
> >
> > # ipfw add allow tcp from $lan_net to 127.0.0.1 3128
> > # ipfw add allow tcp from 127.0.0.1 3128 to $lan_net
> >
> > Put the rules before any anti spoofing rules in ipfw.
> >
>
> I think there's something in the code that makes it not work because I
> set ipfw to accept by default on every machine I have. There must be
> something else.
>
Sounds confusing!!!

Do you mind providing your ipfw/pf rules and the output of:

# squid -v
# ls -l /dev/pf

Just to have a look at them while I scratch my head (to express the
confused system administrator emotion).

--
Regards.
Abu Khaled
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
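The thread's advice is that, when ipfw is compiled in alongside pf, the pf rdr to the local squid only works if ipfw passes the redirected traffic before its anti-spoofing rules see a packet addressed to 127.0.0.1. The script below is an added example, not something posted in the thread or shipped with FreeBSD: it prints the pf.conf rdr line and an ordered ipfw ruleset in which the two allow rules from the thread come before rc.firewall-style loopback anti-spoofing rules. The interface names, the `$lan_net`/`$squid_port` values and the rule numbers are assumptions; the rdr syntax is the pre-4.7 pf syntax used by the FreeBSD releases of that era.

```shell
#!/bin/sh
# Added example (not from the thread). Builds the pf rdr line and an
# ordered ipfw ruleset so a transparent squid on 127.0.0.1 keeps working
# with ipfw compiled into the kernel. Interface names, LAN net, squid
# port and rule numbers are assumptions for illustration.

# pf.conf redirect this ruleset accompanies: LAN web traffic arriving on
# the inside interface is rewritten to 127.0.0.1:$squid_port.
pf_rdr_rule() {
    int_if=$1; lan_net=$2; squid_port=$3
    printf 'rdr on %s proto tcp from %s to any port 80 -> 127.0.0.1 port %s\n' \
        "$int_if" "$lan_net" "$squid_port"
}

# ipfw commands in load order. Rules 110/120 are the two allows from the
# thread; they are numbered below the anti-spoofing rules (200/300) that
# would otherwise drop the redirected packets, whose destination is now
# 127.0.0.1 although they did not arrive on lo0.
ipfw_rules() {
    lan_net=$1; squid_port=$2
    cat <<EOF
add 100 allow ip from any to any via lo0
add 110 allow tcp from $lan_net to 127.0.0.1 $squid_port
add 120 allow tcp from 127.0.0.1 $squid_port to $lan_net
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 65000 allow ip from any to any
EOF
}

# Write the ipfw ruleset to a file and load it (requires root on the
# firewall host; not invoked here so the script is safe to source).
apply_ipfw_rules() {
    lan_net=$1; squid_port=$2; rulefile=${3:-/etc/ipfw.squid.rules}
    ipfw_rules "$lan_net" "$squid_port" > "$rulefile"
    ipfw -q flush
    ipfw -q "$rulefile"
}

# Example invocation (assumed values):
#   pf_rdr_rule em1 192.168.1.0/24 3128
#   ipfw_rules 192.168.1.0/24 3128
#   apply_ipfw_rules 192.168.1.0/24 3128
```

The last rule keeps ipfw's default-accept behaviour that the thread describes; the point the example makes is that default-accept at the end does not help when rules 200 and 300 match first, which is why the allows must sit above them.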