now it works,
thank you very much, Daniel!
Daniel Hartmeier (dan...@benzedrine.cx) [11.04.26 11:58] wrote:
> Remember, only the initial (first) packet of a connection causes
> ruleset evaluation, hence rules can be said to apply to the initial
> packets of connections (everything else is covered by stat
On Tue, Apr 26, 2011 at 10:49:24AM +0300, Zeus V Panchenko wrote:
> here we see outgoing via $if_wan traffic successfully coming through wan_http
> queue, the rule 18
> but no traffic coming through the rule 24 but 10 instead ...
>
> so, what am i missing, please?
>
> why pflog row:
> ... rule
Daniel Hartmeier (dan...@benzedrine.cx) [11.04.15 09:37] wrote:
> First, incoming and outgoing in context of pf.conf rules are
> relative to the firewall (and not your LAN vs. the internet),
> e.g. incoming means 'enters the firewall through an interface
> from a network' and outgoing means 'exits
On Mon, Apr 11, 2011 at 06:22:30PM +0300, Zeus V Panchenko wrote:
> first rule catches traffic from LAN to inet so, the sequence is:
>
> LAN -> if_lan -> proxy server -> if_wan -> inet -> some_web_server
>
> and backward ...
>
> some_web_server -> if_wan -> proxy server -> if_lan -> LAN
>
> i
Daniel Hartmeier (dan...@benzedrine.cx) [11.04.11 11:57] wrote:
> On Mon, Apr 11, 2011 at 11:06:48AM +0300, Zeus V Panchenko wrote:
>
> > pass out log (all) on $if_wan inet proto { tcp, udp } from $if_wan:0 \
> > to any port { $ports_proxy } keep state queue wan_http
> > pass out log (all) on
On Mon, Apr 11, 2011 at 11:06:48AM +0300, Zeus V Panchenko wrote:
> pass out log (all) on $if_wan inet proto { tcp, udp } from $if_wan:0 \
> to any port { $ports_proxy } keep state queue wan_http
> pass out log (all) on $if_lan inet proto { tcp, udp } from any port { $ports_proxy } \
>
Thank you Daniel for reply,
Daniel Hartmeier (dan...@benzedrine.cx) [11.04.11 09:18] wrote:
> On Mon, Apr 11, 2011 at 08:45:44AM +0300, Zeus V Panchenko wrote:
> It seems you want log(all), but are only using log, see pf.conf(5):
it didn't help ...
pftop output still shows no lan_http counters an
On Mon, Apr 11, 2011 at 08:45:44AM +0300, Zeus V Panchenko wrote:
> what am i missing, please? why is traffic outgoing to LAN missed on pflog0?
It seems you want log(all), but are only using log, see pf.conf(5):
log Only the packet that establishes the state is logged
log (all)
Hi all,
while trying to shape bandwidth for transparent proxy traffic i faced
behaviour that is weird to me ... may somebody help me understand where i am
mistaken, please?
i use squid as proxy (installed from ports and configured with
WITH_SQUID_PF=true, WITH_SQUID_IPFILTER=true), it works and my LAN