On Tue, Apr 19, 2011 at 1:05 PM, Indunil Jayasooriya
<indunil75_at_gmail.com> wrote:
>
>>> Now, we have to use
>>>
>>> divert-to instead of rdr-to �in pf.conf
>>>
>>>
>>> Pls read below URL where you get the real thing in regard to it. It
>>> was replied by OpenBSD developer Reyk Floeter.
>>>
>>>
>>> http://www.mail-archive.com/misc@openbsd.org/msg101469.html
>>>
>>
>> Aha! so PF provides getsockname() now. That means it will require the
>> ./configure --enable-ipfw-transparent option to Squid.
>
>
> Hi, sorry for the delay in replying.
>
>
> I changed from http_port 3129 intercept to http_port 127.0.0.1:3129
> intercept in squid.conf file.
>
> Here's the rule in pf.conf
>
> pass in log on $int_if proto tcp from $lan_net to any port 80 \
> ��� divert-to 127.0.0.1 port 3129
>>
>
> here's config option, it is with --enable-ipfw-transparent
>
>
> Squid Cache: Version 3.2.0.6
> configure options:� '--datadir=/usr/local/share/squid' '--enable-arp-acl'
> '--enable-basic-auth-helpers=NCSA' '--enable-digest-auth-helpers=password'
> '--enable-delay-pools' '--enable-external-acl-helpers=ip_user'
> '--enable-forw-via-db' '--enable-negotiate-auth-helpers=squid_kerb_auth'
> '--enable-ipfw-transparent' '--enable-removal-policies=lru' '--enable-ssl'
> '--enable-storeio=aufs' '--with-pthreads' '--localstatedir=/var/squid'
> '--prefix=/usr/local' '--sysconfdir=/etc/squid' '--mandir=/usr/local/man'
> '--infodir=/usr/local/info' --enable-ltdl-convenience
>
>
> Now, I can access internet. But, I still get this error.
>
> 2011/04/19 17:55:18 kid1| Intercept.cc(305) PfInterception: PF open failed:
> (13) Permission denied
>
>
> then, I recompiled without --enable-ipfw-transparent ( Now it is without
> both --enable-pf-transparent and --enable-ipfw-transparent)
>
> still , I can access internet. But, Still I get below error.
>
> 2011/04/19 18:26:44 kid1| Intercept.cc(305) PfInterception: PF open failed:
> (13) Permission denied
>
>
>
>
> any comments are welcome from your end.
>
>
>
> thanks a lot.
>
-- Thank you Indunil JayasooriyaReceived on Tue Apr 19 2011 - 07:37:30 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 19 2011 - 12:00:04 MDT