Thanks,

I tried according to your configuration :

First test using the 3128 port as a divert-to port and as a squid http_port
with tproxy or intercept statement
=> No traffic is getting diverted by pf

Second test:
  Same test but using the 3129 port as a divert-to port
  2 lines in squid.conf file:
     http_port 3128
     http_port 127.0.0.1:3129 tproxy     // I also tried with intercept too but no change

In both tests : the web traffic (http 80) doesn't get caught by the
divert-to directive...
I tried to tcpdump on the lo0 interface but I got nothing.

Seems like a pf problem to me...

My browser accessed the internet without any restriction and without being
cached...

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Cremator
Sent: Thursday, January 2, 2014 20:29
To: Romain FABBRI - Alien Consulting
Cc: Misc OpenBSD
Subject: Re: Transparent proxy with Squid on OpenBSD 5.4

Hello,

First I have only one line in my pf.conf and it is:
 pass in log on $int_if inet proto tcp from any \
     to port { 80, 8080 } divert-to 127.0.0.1 port 3128

Second my squid.conf has only one line and it is:
http_port 127.0.0.1:3128 intercept

In your config files you are redirecting to port 3128 and you are
intercepting at port 3129.


On Thu, Jan 2, 2014 at 7:55 PM, Romain FABBRI - Alien Consulting <
romain.fab...@alienconsulting.net> wrote:

> Hi,
>
> I'm trying to do a transparent webfiltering bridge with squid.
> I've used the packages for 5.4 which are squid-3.3.8 and
> squidGuard-1.4p6
>
> Squid is working fine when the browser uses the vether0 administration
> interface of the bridge.
> I mean sites are cached and squidGuard is filtering according to my
> tests rules.
>
> But it's not working when using the bridge as a transparent proxy
> (without specifying a proxy server).
> If someone could give me some advice that would be really helpful.
>
> Here is my /etc/pf.conf
>
> # Macros & Tables
> ext_if="bge0"
> int_if="bge1"
>
> # Options
> set skip on lo
> set skip on {pfsync}
> set reassemble yes no-df
>
> # Redirect www to our transparent squid proxy
> pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
> pass out quick from 127.0.0.1 divert-reply
>
> # Allow SSH
> pass quick inet proto tcp from any to 192.168.200.253 port ssh
>
> # Allow mail
> pass out quick proto tcp from $int_if to any port { 25, 143, 993, 995 } keep state
>
> # Allow Ping/Traceroute/DNS
> pass quick inet proto udp from any to any port domain
> pass quick inet proto tcp from any to any port domain flags S/SA synproxy state
> pass quick inet proto icmp all icmp-type { echoreq, unreach } keep state
>
> I've tried almost every tutorial on the net but I had no luck with any
> of them using OpenBSD 5.4 and Squid 3.3.8. So I'm posting to know if
> anybody has done this kind of configuration successfully.
>
> Happy New Year
> Romain
>
>
>
> In /etc/squid/squid.conf I have configured ports like that :
>
> http_port 3128
> http_port 127.0.0.1:3129 intercept

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of pf.conf]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of squid.conf]
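
The port mismatch pointed out in the thread (pf diverting to 3128 while Squid intercepts on 3129) can be checked mechanically. The following is an added example, not part of the original messages: the function names are hypothetical, the sample configs are constructed from the ones quoted above, and it checks only that each `divert-to` port has an `intercept` or `tproxy` listener, not whether pf sees the traffic at all.

```python
import re

# Constructed sample input modelled on the configs quoted in this thread.
PF_CONF = """\
ext_if="bge0"
pass in quick log on $ext_if inet proto tcp to port 80 \\
    divert-to 127.0.0.1 port 3128
pass out quick from 127.0.0.1 divert-reply
"""
SQUID_CONF = """\
http_port 3128
http_port 127.0.0.1:3129 intercept
"""

def logical_lines(text):
    """Join backslash-continued lines, drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def pf_divert_targets(pf_text):
    """Return the set of (address, port) pairs named in divert-to rules."""
    pat = re.compile(r"\bdivert-to\s+(\S+)\s+port\s+(\d+)")
    return {(m.group(1), int(m.group(2)))
            for line in logical_lines(pf_text) for m in pat.finditer(line)}

def squid_listeners(squid_text):
    """Return {port: set of mode flags} from http_port lines."""
    out = {}
    for line in logical_lines(squid_text):
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "http_port":
            port = parts[1].rpartition(":")[2]
            out[int(port)] = set(parts[2:])
    return out

def check(pf_text, squid_text):
    """List divert-to targets that no intercept/tproxy http_port receives."""
    listeners = squid_listeners(squid_text)
    problems = []
    for addr, port in sorted(pf_divert_targets(pf_text)):
        flags = listeners.get(port)
        if flags is None:
            problems.append(f"{addr}:{port}: no http_port on this port")
        elif not flags & {"intercept", "tproxy"}:
            problems.append(f"{addr}:{port}: http_port lacks intercept/tproxy")
    return problems
```
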
