pf routing to proxy
Posted by silverstream, 25th August 2011

I've run into an odd problem trying to get pf to route properly to a proxy box. The setup we have is: individual testing PC, pf (OpenBSD 4.7), proxy (CentOS 5.2, Apache 2.2).

                                            /     \
                                           /       \
                                          /         \
                                 proxy -------- firewall
                                                     test box
We're trying to get packets bound for any:80 from the test box to go to the proxy, then out to the Internet, then back through the proxy to the test box.

The rules for this are:
pass out quick on $ext_if proto tcp from $test_box to any port 80 rdr-to $proxy port 8080

(Test box and proxy IPs are obscured here, but they're spelled out in the actual rule.)

On the test box, the proxy works fine if it's set directly in Firefox. Otherwise, connections hang and no data is returned. Running tcpdump on the proxy, I can see the traffic coming in from the test box at first, but it never responds to any ack packets going back out from the proxy. On the firewall, tcpdump and pf -ss show the packets going from the test box to the proxy, but they're getting lost.

The proxy and test box are on two different private networks, but the proxy has a static route to use the firewall as its router when trying to reach the test box network.

Can anyone think of what the problem could be?


Last edited by phoenix; 25th August 2011 at 06:43 PM.