On Fri, 31 May 2013 04:58:03 -0700
Rob Sheldon <rob@xxxxxxxxxxxxxxxxxxx> wrote:

> On 2013-05-30 21:34, Loïc BLOT wrote:
>
> > Hello Rob,
> > I use OpenBSD and squid 3.3.4 in a production environment, you'll
> > find exactly what you need here:
> > http://www.unix-experience.fr/2013/create-a-powerfull-proxy-cache-with-squid-and-openbsd-2/#sthash.9SpWE1kn.dpbs
> > Have a nice day
>
> Thanks -- that looks like a good guide, and I wish I'd found it before
> the other one.
>
> However: it looks like your guide was written for a physical squid
> server separate from a physical firewall, and other than that, I can't
> find a significant difference between the configuration in your guide
> and my problematic configuration.
>
> Maybe there's some kind of routing issue with doing an rdr on a machine
> running both the firewall and the proxy functions?
>
> ...hmm. That might be it, actually. Since Squid is binding to the LAN
> interface, trying to rdr packets coming in on the LAN interface back to
> a service on the LAN interface won't work. I'll try setting http_port to
> one of the other interfaces and see if that changes anything.
>
> Thanks,
>
> - R.

Try setting squid to listen on loopback address:

http_port 127.0.0.1:3128 intercept

Redirect web traffic to loopback address in pf:

pass in quick on $if_int inet proto tcp from 192.168.0.209 to any \
    port { www https } rdr-to 127.0.0.1 port 3128

-- 
Marko Cupać
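The following is an added example, not a ruleset from anyone in this thread, showing a complete pf.conf fragment for the combined firewall-plus-proxy host that Rob describes, built around the loopback listener Marko suggests. It assumes OpenBSD 4.7-or-later pf syntax (inline rdr-to), an external interface em0, a LAN interface em1, a LAN of 192.168.0.0/24 and Squid listening on 127.0.0.1:3128 with "intercept"; all of those names are assumptions. It redirects only port 80: a plain "http_port ... intercept" listener cannot service TLS, so sending 443 to it would break HTTPS for the clients rather than proxy it.

```pf
# Added example (not from the thread): pf.conf fragment for a host that is
# both the firewall and the Squid proxy.
# Assumed names: em0 = external interface, em1 = LAN interface,
# 192.168.0.0/24 = LAN network. The matching squid.conf line is assumed to be
#     http_port 127.0.0.1:3128 intercept
# so Squid is reachable only via the rdr below, never directly from the LAN.
# Squid also needs read/write access to /dev/pf to look up the original
# destination of each intercepted connection (give the _squid group access).
# net.inet.ip.forwarding=1 in /etc/sysctl.conf is required for the host to
# route the LAN's other traffic at all.

ext_if     = "em0"
int_if     = "em1"
lan_net    = "192.168.0.0/24"
proxy      = "127.0.0.1"
proxy_port = "3128"

set skip on lo

# 1. Plain HTTP from the LAN arriving on the LAN interface is redirected to
#    the loopback intercept port. Because the rdr target is 127.0.0.1, the
#    packet is delivered locally instead of being sent back out on $int_if,
#    which is the case that fails when Squid binds to the LAN address.
pass in quick on $int_if inet proto tcp from $lan_net to any port www \
    rdr-to $proxy port $proxy_port

# 2. Everything else from the LAN is allowed through the router as usual.
#    Keep the rdr rule scoped to the whole LAN (not a single host as in the
#    reply above) if the intent is that no client can bypass the proxy;
#    any host left out of the rdr source goes straight to the Internet.
pass in on $int_if inet from $lan_net to any

# 3. The host's own outbound connections, including Squid's fetches on
#    behalf of clients, leave via the external interface.
pass out on $ext_if inet from ($ext_if) to any
```

Check the ruleset with "pfctl -nf /etc/pf.conf" before loading it, and confirm the redirect is being taken with "pfctl -ss" while a LAN client fetches a page: the state entry shows the original destination on port 80 and 127.0.0.1:3128 as the translated one. If Squid logs "NAT lookup failed" or similar, the /dev/pf permission above is the usual cause.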