Thanks, I tried according to your configuration:

First test using the 3128 port as a divert-to port and as a squid http_port with tproxy or intercept statement => No traffic is getting diverted by pf

Second test: Same test but using the 3129 port as a divert-to port
2 lines in squid.conf file:

http_port 3128
http_port 127.0.0.1:3129 tproxy // I also tried with intercept too but no change

In both tests: the web traffic (http 80) doesn't get caught by the divert-to directive...
I tried to tcpdump on the lo0 interface but I got nothing.
Seems like a pf problem to me...
My browser accessed the internet without any restriction and without being cached...

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of Cremator
Sent: Thursday, 2 January 2014 20:29
To: Romain FABBRI - Alien Consulting
Cc: Misc OpenBSD
Subject: Re: Transparent proxy with Squid on OpenBSD 5.4

Hello,

First I have only one line in my pf.conf and it is:

pass in log on $int_if inet proto tcp from any \
    to port { 80, 8080 } divert-to 127.0.0.1 port 3128

Second my squid.conf has only one line and it is:

http_port 127.0.0.1:3128 intercept

In your config files you are redirecting to port 3128 and you are intercepting at port 3129.

On Thu, Jan 2, 2014 at 7:55 PM, Romain FABBRI - Alien Consulting <romain.fab...@alienconsulting.net> wrote:
> Hi,
>
> I'm trying to do a transparent webfiltering bridge with squid.
> I've used the packages for 5.4 which are squid-3.3.8 and
> squidGuard-1.4p6
>
> Squid is working fine when the browser uses the vether0 administration
> interface of the bridge.
> I mean sites are cached and squidGuard is filtering according to my
> test rules.
>
> But it's not working when using the bridge as a transparent proxy
> (without specifying a proxy server).
> If someone could give me some advice that would be really helpful.
>
> Here is my /etc/pf.conf
>
> # Macros & Tables
> ext_if="bge0"
> int_if="bge1"
>
> # Options
> set skip on lo
> set skip on {pfsync}
> set reassemble yes no-df
>
> # Redirect www to our transparent squid proxy
> pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
> pass out quick from 127.0.0.1 divert-reply
>
> # Allow SSH
> pass quick inet proto tcp from any to 192.168.200.253 port ssh
>
> # Allow mail
> pass out quick proto tcp from $int_if to any port { 25, 143, 993, 995 } keep state
>
> # Allow Ping/Traceroute/DNS
> pass quick inet proto udp from any to any port domain
> pass quick inet proto tcp from any to any port domain flags S/SA synproxy state
> pass quick inet proto icmp all icmp-type { echoreq, unreach } keep state
>
> I've tried almost every tutorial on the net but I had no luck with any
> of them using OpenBSD 5.4 and Squid 3.3.8. So I'm posting to know if
> anybody has done this kind of configuration successfully.
>
> Happy New Year
> Romain
>
> In /etc/squid/squid.conf I have configured ports like that:
>
> http_port 3128
> http_port 127.0.0.1:3129 intercept

[demime 1.01d removed an attachment of type application/octet-stream which had a name of pf.conf]
[demime 1.01d removed an attachment of type application/octet-stream which had a name of squid.conf]
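
The mismatch Cremator points out (pf diverting to one port while Squid intercepts on another) can be checked mechanically. The Python script below is an added example, not part of the thread: its function names and embedded sample configs are constructed for illustration, and it compares only the divert-to target with the http_port lines, nothing else in either file.

```python
import re

# Constructed samples that mirror the configuration quoted in the thread.
PF_CONF = """\
pass in quick log on $ext_if inet proto tcp to port 80 divert-to 127.0.0.1 port 3128
pass out quick from 127.0.0.1 divert-reply
"""
SQUID_CONF = """\
http_port 3128
http_port 127.0.0.1:3129 intercept
"""

DIVERT_RE = re.compile(r"\bdivert-to\s+(\S+)\s+port\s+(\d+)")
MODES = {"intercept", "tproxy"}

def _lines(text):
    """Join backslash continuations, drop comments, yield non-empty lines."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def pf_divert_targets(pf_text):
    """Set of (address, port) pairs that pf divert-to rules point at."""
    return {(a, int(p)) for l in _lines(pf_text) for a, p in DIVERT_RE.findall(l)}

def squid_listeners(squid_text):
    """List of (address or '', port, mode or None) for each http_port line."""
    out = []
    for line in _lines(squid_text):
        tok = line.split()
        if tok[0] == "http_port" and len(tok) > 1:
            addr, _, port = tok[1].rpartition(":")
            mode = next((t for t in tok[2:] if t in MODES), None)
            out.append((addr, int(port), mode))
    return out

def check(pf_text, squid_text):
    """Report divert-to targets that no intercepting http_port will accept."""
    listeners = squid_listeners(squid_text)
    problems = []
    for addr, port in sorted(pf_divert_targets(pf_text)):
        here = [l for l in listeners if l[1] == port and l[0] in ("", addr)]
        if not here:
            problems.append(f"{addr}:{port}: no http_port listens here")
        elif not any(mode for _, _, mode in here):
            problems.append(f"{addr}:{port}: http_port has no intercept/tproxy mode")
    return problems

if __name__ == "__main__":
    print(check(PF_CONF, SQUID_CONF))
```
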