On Tue, Apr 19, 2011 at 1:05 PM, Indunil Jayasooriya <indunil75@xxxxxxxxx> wrote: > >>> Now, we have to use >>> >>> divert-to instead of rdr-to in pf.conf >>> >>> >>> Pls read below URL where you get the real thing in regard to it. It >>> was replied by OpenBSD developer Reyk Floeter. >>> >>> >>> http://www.mail-archive.com/misc@xxxxxxxxxxx/msg101469.html >>> >> >> Aha! so PF provides getsockname() now. That means it will require the >> ./configure --enable-ipfw-transparent option to Squid. > > > Hi, sorry for the delay in replying. > > > I changed from http_port 3129 intercept to http_port 127.0.0.1:3129 > intercept in squid.conf file. > > Here's the rule in pf.conf > > pass in log on $int_if proto tcp from $lan_net to any port 80 \ > divert-to 127.0.0.1 port 3129 >> > > here's config option, it is with --enable-ipfw-transparent > > > Squid Cache: Version 3.2.0.6 > configure options: '--datadir=/usr/local/share/squid' '--enable-arp-acl' > '--enable-basic-auth-helpers=NCSA' '--enable-digest-auth-helpers=password' > '--enable-delay-pools' '--enable-external-acl-helpers=ip_user' > '--enable-forw-via-db' '--enable-negotiate-auth-helpers=squid_kerb_auth' > '--enable-ipfw-transparent' '--enable-removal-policies=lru' '--enable-ssl' > '--enable-storeio=aufs' '--with-pthreads' '--localstatedir=/var/squid' > '--prefix=/usr/local' '--sysconfdir=/etc/squid' '--mandir=/usr/local/man' > '--infodir=/usr/local/info' --enable-ltdl-convenience > > > Now, I can access internet. But, I still get this error. > > 2011/04/19 17:55:18 kid1| Intercept.cc(305) PfInterception: PF open failed: > (13) Permission denied > > > then, I recompiled without --enable-ipfw-transparent ( Now it is without > both --enable-pf-transparent and --enable-ipfw-transparent) > > still , I can access internet. But, Still I get below error. > > 2011/04/19 18:26:44 kid1| Intercept.cc(305) PfInterception: PF open failed: > (13) Permission denied > > > > > any comments are welcome from your end. > > > > thanks a lot. > -- Thank you Indunil Jayasooriya
