25th August 2011
silverstream
pf routing to proxy

I've run into an odd problem trying to get pf to route properly to a proxy box. The setup we have is: individual testing PC, pf (OpenBSD 4.7), proxy (CentOS 5.2, Apache 2.2).

Code:
                Internet
                /       \
               /         \
              /           \
          proxy -------- firewall
                             |
                             |
                         test box

We're trying to get packets bound for any:80 from the test box to go to the proxy, then out to the Internet, then back through the proxy to the test box.

The rules for this are:
pass out quick on $ext_if proto tcp from $test_box to any port 80 rdr-to $proxy port 8080

(Test box and proxy IPs are obscured here, but they're spelled out in the actual rule.)

On the test box, the proxy works fine if it's set directly in Firefox. Otherwise, connections hang and no data is returned. Running tcpdump on the proxy, I can see the traffic coming in from the test box at first, but it never responds to any ack packets going back out from the proxy. On the firewall, tcpdump and pf -ss show the packets going from the test box to the proxy, but they're getting lost.

The proxy and test box are on two different private networks, but the proxy has a static route to use the firewall as its router when trying to reach the test box network.

Can anyone think of what the problem could be?

TIA.

Last edited by phoenix; 25th August 2011 at 06:43 PM.