On 2008-12-30, Giancarlo Razzolini <[email protected]> wrote:
> fRANz wrote:
>> Hi.
>>
>> I've some trouble with this configuration:
>>
>> LAN -- fw (openbsd 4.4) -- adsl router
>>
>> LAN: 192.168.100.0/24
>> fw int int: sis1
>> fw int ind: 192.168.100.2
>> fw ext int: sis0
>> fw ext ind: 10.0.0.2
>> router int ind: 10.0.0.1
>>
>> I try to configure pf to redirect all web traffic from the internal lan to
>> an internal squid server (192.168.100.8) but rdr doesn't work.
>> Now clients work _without_ proxy; when I enable this rule:
> Create a new entry in inetd.conf, much like the one in the pf faq:
>
> 127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w 20 192.168.100.8 3128
>
> Restart inetd and then, instead of making a rdr rule redirecting the
> traffic to the squid server, you redirect it to the port your inetd is
> listening on. Netcat will then create a connection to your squid server
> and everything should work:
>
> rdr pass on $int_if inet proto tcp from any to port www -> 127.0.0.1 port 5000

The rdr+nat rule combination from the same faq page is slightly less insane for this use, but it still means you lose IP addresses from the squid logs, which you might not want to lose. It's better to put the squid on a different network interface + subnet.
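As an added illustration (not from the thread or the pf FAQ itself), here is what the two options discussed above look like in OpenBSD 4.4 pf.conf syntax, using fRANz's addresses; the dmz interface sis2 and the 192.168.200.0/24 subnet in the second variant are assumed.

```pf
# Variant A: rdr + nat with squid on the SAME subnet as the clients.
int_if     = "sis1"             # LAN-side interface, 192.168.100.2
proxy      = "192.168.100.8"    # squid host from the thread
proxy_port = "3128"

# rdr alone fails here: squid answers the client directly (same subnet),
# so the client gets a reply from an address it never sent a SYN to and
# the connection is torn down.
rdr pass on $int_if inet proto tcp from $int_if:network to any port www \
    -> $proxy port $proxy_port

# Leave the firewall's own connections to squid untouched.
no nat on $int_if inet proto tcp from $int_if to $proxy port $proxy_port

# Rewrite the client's source to the firewall's LAN address so squid's
# replies are forced back through the firewall.  Cost noted in the thread:
# every client now appears in squid's access log as 192.168.100.2.
nat on $int_if inet proto tcp from $int_if:network to $proxy port $proxy_port \
    -> $int_if

# Variant B (assumed layout, preferred in the reply): squid on its own
# interface and subnet.  Replies must traverse the firewall, so plain rdr
# works and squid logs the real client addresses.
dmz_if    = "sis2"              # assumed second internal interface
proxy_dmz = "192.168.200.8"     # assumed squid address on that subnet
rdr pass on $int_if inet proto tcp from $int_if:network to any port www \
    -> $proxy_dmz port $proxy_port
pass in on $dmz_if inet proto tcp from $proxy_dmz to any port www
```

Only one variant belongs in a live pf.conf; check the result with `pfctl -nf /etc/pf.conf` before loading it.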

