Problems with transparancy and pf

Leslie Jensen <leslie@xxxxxxx> · Tue, 29 Mar 2011 12:02:38 +0200

Hello list.

I've used squid together with pf for a while on a Freebsd 7.2-RELEASE 
machine.

I've now installed Freebsd 8.2-RELEASE on new hardware and I'm using my 
config from the 7.2 machine.

My problem is that squid is not working with transparency. The browser 
traffic goes directly to the Internet.

Setting proxy in the browser works, so I believe squid is ok.

My question is about which build options I must use?

I've used the following:
SQUID_KERB_AUTH			X	(ON)
SQUID_NIS_AUTH			X	(ON)
SQUID_IPV6	(Default)	X	(ON)

SQUID_DELAY_POOLS		X	(ON)
SQUID_SNMP			X	(ON)
SQUID_HTCP (CARP?)		X	(ON)
SQUID_WCCP			X	(ON)
SQUID_IDENT				(OFF)
SQUID_IPFW			X	(ON)
SQUID_PF			X	(ON)
SQUID_AUFS (Default)		X	(ON)
SQUID_KQUEUE			X	(ON)

Then I found this
https://wiki.andrewmercer.net/index.php/Squid_-_Transparent_Proxy

Where he suggests that even
SQUID_IPFILTER			X	(ON)

Should be activated.

I recompiled Squid3.1 with the above and now I get an error which I can 
understand because I do not have IPFilter installed/active.

____________________________________

2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
2011/03/29 11:14:44| IpIntercept.cc(250) IpfInterception: NAT open 
failed: (2) No such file or directory
_____________________________________

So when only pf is used, must I compile squid with IPFILTER and IPFW ?

Thanks

/Leslie