You can too try this: pass in on $int proto tcp from $int:network to port www route-to ( $dmz $ip_of_squid ) pass out on $dmz proto tcp to $ip_of_squid to port www
Cheers 2011/5/9 Stuart Henderson <s...@spacehopper.org> > If possible, put the proxy server on a different vlan. > > If you can't, try the method in > http://www.openbsd.org/faq/pf/rdr.html#rdrnat > It works, but your proxy logs will then only show the firewall's address > rather than the original client addresses. > > > On 2011-05-09, Alessandro Baggi <alessandro.ba...@gmail.com> wrote: > > Hi list. I've a question about positioning a proxy server into the LAN. > > I've tried this in dmz (also in transparent mode + rdr pf), and works > > great, but now I'm trying to put this proxy in LAN. > > Also in this case it works, but when I try to set it in transparent > > mode, and put rdr rules on the firewall (OpenBSD 4.8): > > > > match in on $int proto tcp from $int:network to any port 80 rdr-to > > $proxy port 3128 > > > > it does not work, and the request seems not be redirected on the proxy. > > I've ridden this: > > > > http://www.openbsd.org/faq/pf/rdr.html > > > > I'm trying to get solution only with pf rules without no results. > > Could some point me in the right direction? > > > > Thanks in advance
