Kevin, good day. Thu, Nov 27, 2008 at 08:26:55PM +0800, Kevin Foo wrote: > I recently setup a bridge box with inline cache proxy. if_bridge with > pf filtering was working perfectly. However, squid-cache listening on > loopback device did not get any packets from pf rdr. I have seen > successful setups with OpenBSD's bridge spamd which rather a similar > setup. Is something broken on FreeBSD's if_bridge or am I missing some > configuration here?
pf can 'rdr' only incoming packets (from 'man pf.conf'):
-----
Evaluation order of the translation rules is dependent on the type of the
translation rules and of the direction of a packet. binat rules are
always evaluated first. Then either the rdr rules are evaluated on an
inbound packet or the nat rules on an outbound packet. Rules of the same
type are evaluated in the same order in which they appear in the ruleset.
The first matching rule decides what action is taken.
-----
So this can be just pf-related. And may be not, as usual...
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
pgp7r3RYXkW0Q.pgp
Description: PGP signature
