On 2006/12/21 15:29, Dominik Zalewski wrote:
> In this article squid is running on the same machine as the OpenBSD firewall. In
> my case I have squid running on a different machine connected to the LAN interface.
> My question is: can I redirect traffic on $int_if to another machine connected
> to the same interface? Is this rule correct?

No, you can't redirect back out the interface the packet came from. Maybe vlans could help, if there are no spare physical interfaces. Or you could run a small transparent proxy (e.g. tinyproxy) on the firewall and have that use $squid as a parent.

> rdr pass on $int_if proto tcp from any to any port 80 -> $squid port 8080

Even if you arrange $squid to be on an interface other than $int_if, I don't think this will work: iirc Squid needs to query /dev/pf for the untranslated addresses; in that case you need route-to on the firewall and fwd -> 127.0.0.1 on the proxy.
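The layout suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes the pf.conf syntax of OpenBSD releases from the time of the post (separate `rdr` translation rules, `route-to` placed before the protocol), a proxy on its own firewall interface, and writes the redirect to 127.0.0.1 as an `rdr` rule; `$proxy_if`, `$proxy_lan`, the interface names and the address are hypothetical placeholders.

```pf
# ---- pf.conf on the firewall -------------------------------------
# All names and addresses below are placeholders (assumptions).
int_if   = "fxp0"          # LAN-facing interface
proxy_if = "fxp1"          # separate interface (or vlan) facing the proxy
squid    = "192.168.2.10"  # proxy host, reachable only via $proxy_if

# Hand LAN web traffic to the proxy as the next hop. route-to does not
# rewrite the destination address, so the proxy still sees the address
# the client asked for. Squid's own outbound requests arrive on
# $proxy_if, never on $int_if, so they do not match and cannot loop.
pass in quick on $int_if route-to ($proxy_if $squid) \
    inet proto tcp from any to any port 80 flags S/SA keep state

# Let the rerouted connections leave towards the proxy.
pass out quick on $proxy_if inet proto tcp from any to any port 80 \
    flags S/SA keep state

# ---- pf.conf on the proxy host -----------------------------------
proxy_lan = "em0"          # interface facing the firewall (placeholder)

# Translation happens on the same host as Squid, so the original
# destination is in this machine's pf state table, where Squid can
# look it up through /dev/pf. Port 8080 is the port from the rule
# quoted in the question.
rdr on $proxy_lan inet proto tcp from any to any port 80 \
    -> 127.0.0.1 port 8080

# Admit the redirected connections to the local listener.
pass in quick on $proxy_lan inet proto tcp from any to 127.0.0.1 \
    port 8080 flags S/SA keep state
```

Later OpenBSD releases changed both the redirect and the `route-to` syntax, so check pf.conf(5) for the release in use before loading either ruleset with `pfctl -nf`.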

