On 1/2/11 10:59 PM, j...@experts-exchange.com wrote:
From studying squid rules, I found the following pf rule set. Does this do
something similar to what I'm after? I tried something like this but it
didn't help.

int_if="gem0"
ext_if="kue0"

rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto

Is there a way to see what the rule is doing? It didn't have any effect.
I've been trying different combinations, sometimes targeting
192.168.103.2. One test locked up the host.
On 1/2/11 9:04 PM, j...@experts-exchange.com wrote:
> Here I want :
>
> nn:nn:nn.nn IP 127.0.0.1.51791 > 192.168.103.2.80: Flags [S], ack ...
>
> int_if="lo0"
> ext_if="ed0"
>
> pass in on $int_if route-to ($int_if 127.0.0.1) from 192.168.103.1 keep state
>
> But no good (it's not able to s
> In other software such as HTTP that you took for example, there's this
> special X-Forwarded-For header which covers this very need.
Squid can talk SSL, so insertion of XFF is possible. But for other
applications, XFF is of no use.
> IMO you shouldn't have to tweak around with the firewall or t
In other software such as HTTP that you took for example, there's this
special X-Forwarded-For header which covers this very need.
IMO you shouldn't have to tweak around with the firewall or the IP stack
to make up for a missing capability but nvm.
Perhaps these 2 PF rules would be of use to you
Hi Damien,
Here I am using HTTP traffic as an illustration, but for other generic
services without the built-in SSL layer, it would be highly advantageous
to be able to add stunnel to do the job. The target application (e.g. VNC,
database client/server connection, and so on) need not be re-coded.
Hi Jay,
I'm not sure what you're trying to achieve here.
Are you actually using proxy software at all, or only a PF redirect rule?
Are you trying to set up a FORWARD or a REVERSE proxy?
What do you use stunnel for, SSL/TLS connectivity?
On 1/2/11 5:38 AM, j...@experts-exchange.com wrote: