Re: [squid-users] OpenBSD pf and Squid running on Linux.

From: Chad Whitten <[email protected]>
Date: Mon, 17 Feb 2003 15:33:37 -0600

Here is what I do:
$Int is my internal interface
$SQUIDBOXIP is just the IP of the squid server
$Lan is my LAN - 10.1.1.0/24

no rdr on $Int from $SQUIDBOXIP to any port 80
rdr on $Int inet proto tcp from $Lan to any port 80 -> $SQUIDBOXIP port 3128

So all port 80 requests from the LAN get redirected by the OpenBSD firewall to
the squid box, except requests from the squid box itself.

I first tried what you had and also found it didn't work, although it seems
logical.

On Monday 17 February 2003 15:22, Robert Collins wrote:
> On Mon, 2003-02-17 at 13:46, Steve Keate wrote:
> > rdr proto tcp from ! 192.168.250.198 to any port 80 -> 192.168.250.198
> > port 8080
>
> This rule rewrites the TCP header as well as forwarding it to the squid
> box. This means squid can't tell that it was an intercepted request.
>
> I don't know if there is a pf rule to redirect the packet without
> rewriting the TCP header, but that's what you'll need - that or implement
> a WCCP router-end in pf.
>
> Rob

-- 
Chad Whitten
Network/Systems Administrator
neXband Communications
cwhitten@nexband.com
601-944-4801
Received on Mon Feb 17 2003 - 14:33:36 MST
