Hi,

I’m trying to do a transparent webfiltering bridge with squid.
I’ve used the packages for 5.4 which are squid-3.3.8 and squidGuard-1.4p6

Squid is working fine when the browser uses the vether0 administration
interface of the bridge.
I mean sites are cached and squidGuard is filtering according to my test
rules.

But it’s not working when using the bridge as a transparent proxy (without
specifying a proxy server).
If someone could give me some advice, that would be really helpful.

Here is my /etc/pf.conf

# Macros & Tables
ext_if="bge0"
int_if="bge1"

# Options
set skip on lo
set skip on {pfsync}
set reassemble yes no-df

# Redirect www to our transparent squid proxy
pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
pass out quick from 127.0.0.1 divert-reply

# Allow SSH
pass quick inet proto tcp from any to 192.168.200.253 port ssh

# Allow mail
pass out quick proto tcp from $int_if to any port { 25, 143, 993, 995 } keep state

# Allow Ping/Traceroute/DNS
pass quick inet proto udp from any to any port domain
pass quick inet proto tcp from any to any port domain flags S/SA synproxy state
pass quick inet proto icmp all icmp-type { echoreq, unreach } keep state

I’ve tried almost every tutorial on the net but I had no luck with any of
them using OpenBSD 5.4 and Squid 3.3.8…
So I’m posting to know if anybody has done this kind of configuration
successfully.

Happy New Year
Romain



In /etc/squid/squid.conf I have configured ports like this:

http_port 3128
http_port 127.0.0.1:3129 intercept
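
A consistency check across the two files shown in the post, as an added example that is not part of the original message: it compares the port each pf divert-to/rdr-to rule targets with the http_port lines that squid.conf flags as intercept or tproxy. The function names are this example's own, and the embedded sample text is constructed from the rules quoted above.

```python
import re

# Constructed sample input: the relevant lines copied from the post's two files.
PF_CONF = """\
pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
pass out quick from 127.0.0.1 divert-reply
"""
SQUID_CONF = """\
http_port 3128
http_port 127.0.0.1:3129 intercept
"""

# http_port flags that make Squid treat connections as intercepted traffic.
INTERCEPT_FLAGS = {"intercept", "tproxy"}

def pf_divert_targets(text):
    """Return (address, port) for every divert-to / rdr-to target in pf.conf."""
    text = text.replace("\\\n", " ")  # join backslash-continued rules
    targets = []
    for line in text.splitlines():
        rule = line.split("#", 1)[0]  # drop comments
        m = re.search(r"\b(?:divert-to|rdr-to)\s+(\S+)\s+port\s+(\d+)", rule)
        if m:
            targets.append((m.group(1), int(m.group(2))))
    return targets

def squid_ports(text):
    """Map each http_port number in squid.conf to the set of flags after it."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "http_port":
            ports[int(fields[1].rsplit(":", 1)[-1])] = set(fields[2:])
    return ports

def check(pf_text, squid_text):
    """List every pf target that does not land on an intercept/tproxy port."""
    ports = squid_ports(squid_text)
    findings = []
    for addr, port in pf_divert_targets(pf_text):
        if port not in ports:
            findings.append(f"{addr}:{port} has no http_port line")
        elif not ports[port] & INTERCEPT_FLAGS:
            findings.append(f"{addr}:{port} is a plain forward-proxy http_port")
    return findings

if __name__ == "__main__":
    for finding in check(PF_CONF, SQUID_CONF):
        print("MISMATCH:", finding)
```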
