Hi misc.
I've an OpenBSD 4.7 firewall with 3 NICs, one for the LAN, one for the WAN and one for the DMZ. On the same machine I've a Squid proxy, and in the DMZ I've a web server. My problem is when I get a request for the web server in the DMZ from a LAN client.
In my ruleset I've this rdr rule for HTTP requests:

match in on $int proto tcp from $int:network to any port 80 rdr-to $int:0 port 3128

and it works fine for all requests.

When I make an HTTP request like "http://mydomain.ath.cx" from a $int:network client, the proxy (working with the rdr rule or with the browser config) gives me the web management of my router.
Then I've tried a first set:

match in quick on $int proto tcp from $int:network to mydomain.ath.cx port 80 rdr-to $apache port 80
match in quick on $int proto tcp from $int:network to $int:0 port 3128 rdr-to $apache port 80
match in on $int proto tcp from $int:network to any port 80 rdr-to $int:0 port 3128

but the behaviour is the same.

I've tried to modify my rdr rules into (second set):

pass in quick on $int proto tcp from $int:network to mydomain.ath.cx port 80 rdr-to $apache port 80
pass in quick on $int proto tcp from $int:network to $int:0 port 3128 rdr-to $apache port 80
match in on $int proto tcp from $int:network to any port 80 rdr-to $int:0 port 3128

and it works fine.

I've tried a third ruleset:

match in on $int proto tcp from $int:network to any port 80 rdr-to $int:0 port 3128
match in on $int proto tcp from any to mydomain.ath.cx port 80 rdr-to $apache port 80

but it doesn't work.

My question is about these three rulesets.

Why, in the first ruleset, does the quick keyword of the "match in quick" rules not affect the third rule (the Squid redirection)?
Why do the pass rules work, while the match rules don't?
Why, in the third ruleset, doesn't "match in on $int..." work? Is the rule parsing "last matching rule"?

thanks in advance