Hi,

First of all, you should change any to any to something more restrictive like 10.0.0.0/8 to any.

I don't think squid needs to read the packet filter device, I've got a similar setup with 4.1 and it doesn't need to access the packet filter directly.

To make OpenBSD reload the configuration file, the easiest way is to just issue a pfctl -e -f /etc/pf.conf and it should reload the rules. Just to make sure you can do pfctl -d; pfctl -e -f /etc/pf.conf. It will stop then start pf again.

-----Original Message-----
From: Indunil Jayasooriya [mailto:indunil75@xxxxxxxxx]
Sent: Monday, April 28, 2008 8:38 PM
To: squid-users
Subject: Fwd: HTTP Transparent Proxy on OpenBSD 4.2

> What command I have to issue to complete this task with PF on OpenBSD 4.2?
> What should I do?

Configuring pf

The pf configuration is /etc/pf.conf. The file is documented in pf.conf(5). This is a minimal example of the required rdr rule. Make sure you also allow the redirected connections to pass, they'll have destination address 127.0.0.1 when the filter rules are evaluated. Redirection does not automatically imply passing. Also, the proxy must be able to establish outgoing connections to external web servers.

    int_if="gem0"
    ext_if="kue0"

    rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

    pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
    pass out on $ext_if inet proto tcp from any to any port www keep state

Note that squid needs to open /dev/pf in order to query the packet filter. The default permissions for this file allow access only to root. squid is running as user _squid, group _squid, so one way to allow access to squid is by changing the group ID of the file to _squid and make it group-accessible:

    # chgrp _squid /dev/pf
    # chmod g+rw /dev/pf

pls click below URL for more

http://www.benzedrine.cx/transquid.html

--
Thank you
Indunil Jayasooriya
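
Added example, not part of either message or of the linked page: a small Python check (not a full pf.conf parser) over the rules quoted above. It reports `from any` sources on the rdr and pass in rules, which the reply suggests narrowing to something like 10.0.0.0/8, and any rdr whose target has no matching pass in rule. The name `lint` and the regexes are this example's own and only cover rules shaped like the ones in the thread.

```python
import re

# Constructed input: the rules quoted in the thread (OpenBSD 4.2 rdr syntax).
SAMPLE = '''\
int_if="gem0"
ext_if="kue0"
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
'''

MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')
RDR = re.compile(r'^rdr on (\S+) .*\bfrom (\S+) to \S+.*-> (\S+) port (\S+)')
PASS_IN = re.compile(r'^pass in on (\S+) .*\bfrom (\S+) to (\S+) port (\S+)')

def lint(conf):
    """Return a list of findings; an empty list means both checks passed."""
    macros, rdrs, passes, findings = {}, [], [], []
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()          # drop comments
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # Expand $macro references before matching rules.
        line = re.sub(r'\$(\w+)', lambda r: macros.get(r.group(1), r.group(0)), line)
        if (m := RDR.match(line)):
            rdrs.append(m.groups())
        elif (m := PASS_IN.match(line)):
            passes.append(m.groups())
    for iface, src, addr, port in rdrs:
        if src == 'any':
            findings.append(f'rdr on {iface}: source "any", restrict to the internal network')
        # Redirection does not imply passing: look for the matching pass in rule.
        if not any(p[0] == iface and p[2:] == (addr, port) for p in passes):
            findings.append(f'rdr on {iface}: no pass in rule for {addr} port {port}')
    for iface, src, addr, port in passes:
        if src == 'any':
            findings.append(f'pass in on {iface}: source "any" to {addr} port {port}')
    return findings

if __name__ == '__main__':
    for finding in lint(SAMPLE):
        print(finding)
```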