On Sat, May 04, 2013 at 01:23:06AM +1000, John Tate wrote:
> I have a squid proxy listening in transparent mode on another faster
> system, but I can't seem to get packets there with pf. I tried simply
> modifying the other divert-to rule to use the IP address of that system. It
> doesn't seem to work, packets don't reach that system.
>
> #pass in quick on $int_if inet proto tcp to port http divert-to 127.0.0.1 port 3128
> pass in quick on $int_if inet proto tcp to port http divert-to 10.0.0.10 port 3128
>
> How should I be doing this? I couldn't find anything on Google.
>

Someone may already have answered this by now, but I use

pass in quick on $int_if proto tcp from !$proxyhost to any port 80 \
        rdr-to $proxyhost port 3128
pass out quick on $int_if proto tcp to $proxyhost port 3128 \
        received-on $int_if nat-to $int_if

I also allow my "dmz" users (basically all the handheld devices' traffic
arrives on a different interface) via the proxy:

pass in quick on $dmz_if proto tcp to any port 80 \
        rdr-to $proxyhost port 3128
pass out quick on $int_if proto tcp to $proxyhost port 3128 \
        received-on $dmz_if nat-to $int_if

Seems to work(!).

Tor
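
Added example, not part of the original posts: a simplified Python model of the address rewriting done by the rdr-to/nat-to pair above, showing why the nat-to rule is needed when the proxy sits on the same segment as the clients. All addresses and function names are constructed for illustration, and the model is not pf itself.

```python
# Constructed addresses (assumptions): client and proxy share the $int_if LAN.
CLIENT, PROXY, FW_INT, WEB = "10.0.0.50", "10.0.0.10", "10.0.0.1", "203.0.113.80"

def through_firewall(pkt, use_nat_to):
    """Model the inbound rdr-to and the optional outbound nat-to.
    pkt is (src, sport, dst, dport); returns (translated packet, original)."""
    src, sport, dst, dport = pkt
    redirected = dport == 80 and src != PROXY   # "from !$proxyhost ... port 80"
    if redirected:
        dst, dport = PROXY, 3128                # rdr-to $proxyhost port 3128
        if use_nat_to:
            src = FW_INT                        # nat-to $int_if
    return (src, sport, dst, dport), pkt

def proxy_reply(pkt):
    """The proxy answers whatever source address it saw."""
    src, sport, dst, dport = pkt
    return (dst, dport, src, sport)

def deliver_reply(reply, original):
    """A reply addressed to the firewall matches its state entry and has both
    translations reversed. A reply addressed straight to the client stays on
    the LAN, never crosses the firewall, and keeps the proxy's address."""
    if reply[2] == FW_INT:
        o_src, o_sport, o_dst, o_dport = original
        return (o_dst, o_dport, o_src, o_sport)
    return reply

def client_accepts(reply, request):
    """The client only accepts a reply from the host and port it contacted."""
    src, sport, dst, dport = request
    return reply == (dst, dport, src, sport)

def handshake_ok(use_nat_to):
    request = (CLIENT, 51000, WEB, 80)
    seen_by_proxy, original = through_firewall(request, use_nat_to)
    reply = deliver_reply(proxy_reply(seen_by_proxy), original)
    return client_accepts(reply, request)

if __name__ == "__main__":
    print("rdr-to only:      ", handshake_ok(False))
    print("rdr-to + nat-to:  ", handshake_ok(True))
```

With nat-to in place the proxy sees every redirected connection as coming from the firewall's address, so its access log no longer records the real client IP.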