Simple pf ruleset
Hi Everyone
I'm new to FreeBSD and am attempting to set up pf rules which will allow all traffic through a gateway machine, and redirect port 80 requests for transparent squid proxying. This is my pf.conf, a very simple one, but for some reason it doesn't seem to be redirecting, does anyone have any idea why?

Code:

    ## Definitions
    int_if="em0"
    ext_if="fxp0"
    lan="192.168.0.0/24"

    ## Redirect WWW traffic to local cache
    rdr on $int_if proto tcp from $lan to any port www -> 127.0.0.1 port 3128

    ## No restrictions on Loopback Interface
    pass in quick on lo0 all
    pass out quick on lo0 all

    ## No restrictions on Inside LAN Interface for private network
    pass out quick on $int_if all
    pass in quick on $int_if all

    ## No restrictions on WAN Interface
    pass out quick on $ext_if all
    pass in quick on $ext_if all

Thanks
John
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
Ahhhhh. Point 3. I'd loaded the module but not enabled it.
FWIW I had to modify the pf rules slightly to get it working, the one posted didn't redirect.

Code:

    ## Definitions
    int_if="em0"
    ext_if="fxp0"

    ## No restrictions on Loopback Interface
    ## No restrictions on WAN Interface
    set skip on { lo0, $ext_if }

    ## Redirect WWW traffic to local cache
    rdr on $int_if inet proto tcp from $int_if:network to any port www -> 127.0.0.1 port 3128
    pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
    pass out on $ext_if inet proto tcp from any to any port www keep state

    ## No restrictions on Inside LAN Interface for private network
    pass out quick on $int_if all
    pass in quick on $int_if all
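
The cause found in this thread (pf module loaded, but pf itself never enabled) and the presence of the redirect can both be checked from `pfctl` output. The following is an added example, not part of the original posts: the function names are hypothetical, and the sample outputs are constructed on the assumption that `pfctl -s info` begins with a `Status:` line and `pfctl -s nat` lists loaded `rdr` rules one per line.

```shell
#!/bin/sh
# Added example: helpers for the "ruleset looks fine but nothing is redirected"
# case. Function names are hypothetical; sample outputs below are constructed.

# Read `pfctl -s info` output on stdin; print enabled, disabled or unknown.
pf_state() {
    awk '/^Status:/ { print tolower($2); found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Read `pfctl -s nat` output on stdin; succeed only if a rdr rule on
# interface $1 sends traffic to 127.0.0.1 port $2.
has_proxy_rdr() {
    grep -Eq "^rdr (pass )?on $1 .*-> 127\.0\.0\.1 port $2( |\$)"
}

# Live check, to be run as root on the gateway: pf_check_live em0 3128
pf_check_live() {
    pfctl -nf /etc/pf.conf || return 1    # parse only, nothing is loaded
    state=$(pfctl -s info | pf_state)
    echo "pf is $state"
    if [ "$state" != enabled ]; then
        echo "enable with: pfctl -e   (and pf_enable=\"YES\" in /etc/rc.conf)"
    fi
    if pfctl -s nat | has_proxy_rdr "$1" "$2"; then
        echo "rdr to 127.0.0.1 port $2 is loaded on $1"
    else
        echo "no rdr to 127.0.0.1 port $2 loaded on $1"
    fi
}

# Constructed sample outputs, so the parsers can be exercised offline.
SAMPLE_INFO_OFF='Status: Disabled                              Debug: Urgent'
SAMPLE_INFO_ON='Status: Enabled for 0 days 00:03:10           Debug: Urgent'
SAMPLE_NAT='rdr on em0 inet proto tcp from 192.168.0.0/24 to any port = http -> 127.0.0.1 port 3128'

# The situation from the thread: module loaded, pf not enabled.
printf '%s\n' "$SAMPLE_INFO_OFF" | pf_state
```

If pf is enabled and the rdr rule is loaded but traffic still bypasses the proxy, watching port 80 on the internal interface with tcpdump shows whether packets reach the gateway at all.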