Hi all!
I would like to build a transparente proxy with pf+squid3.0, in bridge
mode.But it seems that I can't make pf and bridge work properly.
Here is my enviroment:
myLan->FreeBSD(pf+squid3.0)->gateway->Internet
I just follow the steps building the bridge which were discribed in
hankbook,using these commands:
# ifconfig bridge create
# ifconfig bridge0 addm fxp0 addm fxp1 up
# ifconfig fxp0 up
# ifconfig fxp1 up
but I can't ping the Internet without ip,so I try
# ifconfig fxp0 192.168.1.5/24
# route add default 192.168.1.1(my gateway's ip)
and after that, I can ping the Internet in myLan,then I think my bridge can
work!
then I add these to my pf.conf:
int_if="fxp0"
ext_if="fxp1"
rdr pass on $int_if inet proto tcp from any to any port www->127.0.0.1 port
3128(my squid)
pass in all
pass out all
but myLan pc can't surf the webpages using my proxy.
And when I turn off pf,myLan pc can surf again!
while using pfctl -ss, I can see
self tcp 127.0.0.1:3128<-x.x.x.x:80-<
but I can't see any requests in my squid,and then I made some tests:
rdr pass on $int_if inet proto tcp from any to any port
www->www.google.comport 80
It works!
rdr pass on $int_if inet proto tcp from any to any port
www->192.168.1.121port 80(I just build an apache in one of my lan pc)
It didn't work.
So I guess maybe there is something wrong with my pf and bridge.
Is anybody know what's the problem?Any idea will be appreciated,thanks!
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
