I'm using FreeBSD 6.1 as a bridge (if_bridge).
The interfaces are vr0 (plugged into the DSL modem)
and rl0 (plugged into the switch, to the rest of the network).
On the bridge, I'm attempting to use pf to "rdr" all HTTP requests from
my LAN to squid (actually dansguardian).
I have squid configured correctly, and it was working fine.
I *had* pf working correctly, and redirecting the requests.
Last night, I re-IP'd my network. It used to be 192.168.1.*; now it's
10.23.230.* (this was done for different reasons).
I made the appropriate changes in pf.conf and rc.conf to set the new IP
on the bridge.
All attempts to browse the web simply time out. tcpdump shows:
000874 rule 6/0(match): pass in on vr0: 10.23.230.254 > 10.23.230.5: ICMP net 10.23.230.26 unreachable, length 36
000005 rule 6/0(match): pass in on bridge0: 10.23.230.254 > 10.23.230.5: ICMP net 10.23.230.26 unreachable, length 36
000022 rule 7/0(match): pass out on rl0: 126.96.36.199 > 10.23.230.5: ICMP net 188.8.131.52 unreachable, length 36
However, this only occurs with the redirect. If I insert the proxy
IP/port in my web browser, it works fine.
10.23.230.254 is the DSL modem
10.23.230.26 is the bridge/squid box
10.23.230.5 is the workstation trying to browse the net.
From the bridge, I can ping all internal IPs and external (internet)
IPs with no problem. From the DSL modem, I can ping all machines on
the internet, and also all machines behind the bridge.
From the workstation, I can ping the bridge, the DSL modem, and all
I see no apparent reason that the tcpdump output shows ICMP unreachable
between *.254 and *.5
Has anyone run into this before? If so, any idea how to resolve it?