If possible, put the proxy server on a different VLAN. If you can't, try the method in http://www.openbsd.org/faq/pf/rdr.html#rdrnat. It works, but your proxy logs will then only show the firewall's address rather than the original client addresses.

On 2011-05-09, Alessandro Baggi <alessandro.ba...@gmail.com> wrote:
> Hi list. I've a question about positioning a proxy server in the LAN.
> I've tried this in the DMZ (also in transparent mode + rdr pf), and it works
> great, but now I'm trying to put this proxy in the LAN.
> Also in this case it works, but when I try to set it in transparent
> mode, and put rdr rules on the firewall (OpenBSD 4.8):
>
> match in on $int proto tcp from $int:network to any port 80 rdr-to $proxy port 3128
>
> it does not work, and the request seems not to be redirected to the proxy.
> I've read this:
>
> http://www.openbsd.org/faq/pf/rdr.html
>
> I'm trying to get a solution only with pf rules, without any results.
> Could someone point me in the right direction?
>
> Thanks in advance
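
The redirect-plus-NAT method the reply points to, adapted to the proxy case in this thread as an added pf.conf example (not code from either poster). The interface name and proxy address are constructed placeholders, and excluding the proxy's own traffic from the redirect is an assumption about the setup, needed because the proxy sits in the same network as the clients.

```pf
# Added example; macro values below are constructed placeholders.
int   = "em1"            # LAN-facing interface (assumed name)
proxy = "192.168.1.10"   # proxy host on the same LAN as the clients (assumed)

# Redirect LAN web traffic to the proxy. The proxy's own outbound requests
# also arrive on $int, so they are excluded to avoid redirecting the proxy
# back to itself.
match in on $int proto tcp from ! $proxy to any port 80 \
    rdr-to $proxy port 3128

# With only the rule above, the proxy answers the client directly from
# $proxy:3128. The client opened its connection to <web server>:80, so it
# does not recognise that reply and the connection never completes.
#
# The redirected packet leaves through the interface it came in on. Rewriting
# its source to the firewall's LAN address makes the proxy reply to the
# firewall, which undoes both translations before handing the reply to the
# client.
pass out on $int proto tcp to $proxy port 3128 \
    received-on $int nat-to ($int)

# Side effect noted in the reply: every connection reaches the proxy with the
# firewall's address as its source, so proxy access logs and per-client ACLs
# no longer distinguish individual clients.
```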