Selective PF RDR
Hi Everyone
Does anyone know if it's possible to selectively redirect clients using pf to my squid proxy? I tried this and it didn't seem to work, though it does work if I redirect all. I would like the direct servers list to go direct and not go through the transparent squid (due to authentication and other reasons on the client PCs).
Code:
direct_servers="{ !172.26.0.24, !172.26.0.32, !172.26.0.39, !172.26.0.41 }"
rdr on $int_if inet proto tcp from $int_if:network to $direct_servers port www -> 127.0.0.1 port 3128
John

The /etc/services file seems to allow aliases, and http happens to be an alias for www.
@jhp: try reversing the statements (move the '!' from the IP addresses to the variable).
Code:
direct_servers="{ 172.26.0.24, 172.26.0.32, 172.26.0.39, 172.26.0.41 }"
rdr on $int_if inet proto tcp from $int_if:network to ! $direct_servers port www -> 127.0.0.1 port 3128

@Carpetsmoker: Sorry I should have been clearer in my description. It works fine the way you have it, but not if I invert the selection with a '!'. As there are only a few servers I wish to exclude from the filtering (rather than include) it would be easier this way around.
@DutchDaemon: Yeah that was the way I tried it initially but it gives a config error if I put ! before the list name. Putting the ! in the list was the only way I could launch pf successfully. Any other thoughts?

Got it. This actually bit me in the past.
Use this:
Code:
table <direct_servers> const { 172.26.0.24, 172.26.0.32, 172.26.0.39, 172.26.0.41 }
rdr on $int_if inet proto tcp from $int_if:network to ! <direct_servers> port www -> 127.0.0.1 port 3128

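Why the list of negated addresses redirected everything while the negated table works, as an added example that is not part of the original thread and is not pf's own code: a simplified Python model, assuming pfctl's documented behaviour of expanding a braced list into one rule per element, with the first matching rdr rule winning. The function names and the 203.0.113.80 address are constructed for illustration, and only host addresses are modelled.

```python
# Added illustration: simplified model of pf list expansion vs. a table lookup.
# Not pf source code. Assumes one rule per list element and first match wins.
import ipaddress

# Servers that should bypass the proxy (addresses taken from the thread).
DIRECT = ["172.26.0.24", "172.26.0.32", "172.26.0.39", "172.26.0.41"]


def expand_list_rule(elements):
    """A { a, b, ... } list becomes one rule per element; '!' stays on the element."""
    rules = []
    for item in elements:
        negated = item.startswith("!")
        rules.append((negated, ipaddress.ip_address(item.lstrip("! "))))
    return rules


def redirected_by_list(dst, elements):
    """True if any of the expanded rules matches dst, i.e. the packet is redirected."""
    dst = ipaddress.ip_address(dst)
    for negated, addr in expand_list_rule(elements):
        # A plain element matches on equality, a negated one on inequality.
        if (dst == addr) != negated:
            return True
    return False


def redirected_by_negated_table(dst, table):
    """Single rule 'to ! <table>': matches only when dst is not a table member."""
    members = {ipaddress.ip_address(a) for a in table}
    return ipaddress.ip_address(dst) not in members


if __name__ == "__main__":
    negated_list = ["!" + a for a in DIRECT]
    print("destination      list-of-negations  negated-table")
    for dst in DIRECT + ["203.0.113.80"]:  # last address is a constructed sample
        print(f"{dst:<16} {redirected_by_list(dst, negated_list)!s:<18} "
              f"{redirected_by_negated_table(dst, DIRECT)}")
```

With four negated elements, every excluded server fails its own rule but matches one of the other three, so all traffic still reaches squid; the table is evaluated as one set, so the negation excludes all four at once.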
Spot on!
Thanks for helping out, DutchDaemon! There's surprisingly little on the web regarding this particular problem.