Re: help with pf and transparent squid

2008-12-30 Thread Giancarlo Razzolini
Stuart Henderson escreveu: On 2008-12-30, Giancarlo Razzolini wrote: fRANz escreveu: Hi. I've some trouble with this configuration: LAN -- fw (openbsd 4.4) -- adsl router LAN: 192.168.100.0/24 fw int int: sis1 fw int ind: 192.168.100.2 fw ext int: sis0 fw ext ind: 10.0.0.2 router in

Re: help with pf and transparent squid

2008-12-30 Thread Stuart Henderson
On 2008-12-30, Giancarlo Razzolini wrote: > fRANz escreveu: >> Hi. >> >> I've some trouble with this configuration: >> >> LAN -- fw (openbsd 4.4) -- adsl router >> >> LAN: 192.168.100.0/24 >> fw int int: sis1 >> fw int ind: 192.168.100.2 >> fw ext int: sis0 >> fw ext ind: 10.0.0.2 >> router int in

Re: help with pf and transparent squid

2008-12-30 Thread Giancarlo Razzolini
fRANz escreveu: Hi. I've some trouble with this configuration: LAN -- fw (openbsd 4.4) -- adsl router LAN: 192.168.100.0/24 fw int int: sis1 fw int ind: 192.168.100.2 fw ext int: sis0 fw ext ind: 10.0.0.2 router int ind: 10.0.0.1 I try to configure pf to redirect all web traffic from internal

Re: help with pf and transparent squid

2008-12-26 Thread System Administrator
On 27 Dec 2008 at 1:02, fRANz wrote: > On Fri, Dec 26, 2008 at 7:50 PM, System Administrator > wrote: > > > Here is a hint to simpler life: to avoid assymtric routing make sure > > that all you redirect (RDR) rules fully traverse the firewall, i.e. the > > source and destination are connected t

Re: help with pf and transparent squid

2008-12-26 Thread fRANz
On Fri, Dec 26, 2008 at 7:50 PM, System Administrator wrote: > Here is a hint to simpler life: to avoid assymtric routing make sure > that all you redirect (RDR) rules fully traverse the firewall, i.e. the > source and destination are connected to different interfaces. In your > case that would m

Re: help with pf and transparent squid

2008-12-26 Thread System Administrator
What you are attempting is known as "assymetric routing". An extensive search of the archives will show that it has been discussed a number of times, and the configuration you are attempting _can_ be made to work. However, to get it working [properly] requires a fairly advanced routing an pf kn

help with pf and transparent squid

2008-12-26 Thread fRANz
Hi. I've some trouble with this configuration: LAN -- fw (openbsd 4.4) -- adsl router LAN: 192.168.100.0/24 fw int int: sis1 fw int ind: 192.168.100.2 fw ext int: sis0 fw ext ind: 10.0.0.2 router int ind: 10.0.0.1 I try to configure pf to redirect all web traffic from internal lan to an interna