Hi.

I have some trouble with this configuration:

LAN -- fw (openbsd 4.4) -- adsl router

LAN: 192.168.100.0/24
fw int int: sis1
fw int ind: 192.168.100.2
fw ext int: sis0
fw ext ind: 10.0.0.2
router int ind: 10.0.0.1

I am trying to configure pf to redirect all web traffic from the internal LAN to
an internal squid server (192.168.100.8), but rdr doesn't work.
Right now clients work _without_ proxy; when I enable this rule:

rdr pass on $int_if inet proto tcp from any to port www -> 192.168.100.8 port 3128

no one can browse.
If I manually configure the browser to use squid as proxy, everything works
fine (so squid is active and functional).
What's the trouble in this config?!
Regards,
-f

#pf.conf
############################
# macros ###################
############################
ext_if = "sis0"
int_if = "sis1"

out_tcp = "{25, 53, 80, 110, 443}"
out_udp = "{53}"

table <class1> { 192.168.100.1/32, 192.168.100.2/32, 192.168.100.4/32, \
                 192.168.100.5/32, 192.168.100.6/32, 192.168.100.7/32, \
                 192.168.100.8/32, 192.168.100.250/32 }
table <class2> { 192.168.100.50/32, 192.168.100.51/32, 192.168.100.52/32, \
                 192.168.100.53/32 }
table <class3> { 192.168.100.3/32, 192.168.100.100/32, 192.168.100.230/32 }

############################
# options ##################
############################
set block-policy return
set skip on lo0
scrub in

############################
# nat ######################
############################
nat on $ext_if from !($ext_if) to any -> ($ext_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if inet proto tcp from any to port ftp -> 127.0.0.1 port 8021
#rdr pass on $int_if inet proto tcp from any to port www -> 192.168.100.8 port 3128
rdr on $int_if inet proto tcp from any to 192.168.100.251/32 port 8080 -> 10.0.0.1 port 80

############################
# filter ###################
############################
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

block in all
pass in on $int_if proto icmp all keep state
pass in on $int_if proto tcp from any to 192.168.100.8 port 3128 keep state
pass in on $int_if proto {tcp, udp} from <class1> to any keep state
pass in on $int_if proto {tcp, udp} from <class3> to any keep state
pass in on $int_if proto tcp from <class2> to any port $out_tcp keep state
pass in on $int_if proto udp from <class2> to any port $out_udp keep state
pass out keep state
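The symptom above (squid works when the browser is pointed at it, but nothing works once rdr is enabled) is the pattern the PF FAQ describes under "Redirection and Reflection": the proxy sits on the same subnet as the clients, so its replies go straight back to the client and never pass the firewall that holds the rdr state. The fragment below is an added example, not the poster's configuration and not an official answer from the list; it assumes that this reply-path problem is indeed the cause, keeps the OpenBSD 4.4 rule syntax used in the post (separate `nat`/`rdr` rules), and assumes squid on 192.168.100.8 listens on 3128 in interception mode. The macro names `squid_ip` and `squid_port` are introduced here for readability.

```pf
# Added example (not the poster's pf.conf): transparent redirect of LAN web
# traffic to a squid box that lives on the same subnet as the clients.
int_if     = "sis1"
squid_ip   = "192.168.100.8"
squid_port = "3128"

# Redirect port-80 requests arriving on the inside interface to squid.
# Squid's own outbound fetches also arrive on $int_if, so they must be
# excluded (from ! $squid_ip), otherwise they would be redirected back to
# squid and loop.
rdr on $int_if inet proto tcp from ! $squid_ip to any port www \
    -> $squid_ip port $squid_port

# Without this rule the client (e.g. 192.168.100.50) sends SYN to a web
# server, pf rewrites it to 192.168.100.8:3128, and squid answers the client
# directly because both are on 192.168.100.0/24. That SYN/ACK never crosses
# the firewall, so pf cannot un-translate it; the client sees a packet from
# 192.168.100.8:3128 it never talked to and resets the connection.
# Rewriting the source to the firewall's inside address forces squid to
# reply via the firewall, where the state entry is reversed correctly.
nat on $int_if inet proto tcp from $int_if:network to $squid_ip port $squid_port \
    -> $int_if

# Let the redirected connections through (the poster's file already has a
# rule equivalent to this one).
pass in on $int_if inet proto tcp from $int_if:network to $squid_ip port $squid_port keep state
```

Two caveats a practitioner should expect from this layout. First, after the `nat` rule squid sees every client as the firewall's inside address (192.168.100.2), so per-client ACLs and access logs on the proxy lose the real source; if client identity matters, run squid on the firewall itself or put it on a separate segment so replies must route through pf, and drop the `nat` line. Second, squid must be told it is receiving intercepted traffic (`http_port 3128 transparent` on Squid 2.6/3.0, `http_port 3128 intercept` on 3.1 and later); with a plain `http_port` it receives requests whose path is relative rather than an absolute URL and refuses them. To confirm the redirect is actually taking effect, `pfctl -s state` should show entries with the translated 192.168.100.8:3128 destination, and `tcpdump -n -i sis1 port 3128` should show both directions of the exchange passing the firewall.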
