Greetings!  Included below is my pf.conf set up to use 
dansguardian (proxyport 3128, filterport 8080)
and tinyproxy (listen port 3128) as a transparent 
proxy.

What changes do I need to make to keep someone on 
int_if/int_net from circumventing dansguardian
by changing their browser to point to 3128?

Thanks and take care,

Allen

------8<------cut here------8<------

ext_if="rl0"
int_if="xl0"
int_net="192.168.0.0/24"
proxy_server  =  "127.0.0.1"

tcp_services="{ 113 }"
icmp_types="echoreq"

set block-policy return
set skip on lo
scrub in

nat on $ext_if from !($ext_if) -> ($ext_if:0)
rdr on $int_if inet proto tcp \
   from $int_net \
   to any port www -> $proxy_server port 8080

block in

antispoof quick for { lo $int_if }

pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $ext_if inet proto tcp \
   from any \
   to ($ext_if) port $tcp_services flags S/SA keep state
pass on $int_if
pass out keep state
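
One way to close the bypass asked about above, as an added example that is not part of the original post. It reuses the post's own macros and assumes tinyproxy is currently reachable from int_net on port 3128 and that dansguardian talks to it over loopback.

```pf
# Added example, not from the original post.
# Place in the filter section of the pf.conf above, e.g. right after
# the "antispoof quick" line. $int_if is the macro the post defines.

# Clients caught by the rdr rule are rewritten to 127.0.0.1 port 8080
# (dansguardian), so no client ever needs to reach port 3128 itself.
# dansguardian forwards to tinyproxy over lo, which "set skip on lo"
# exempts from filtering, so this rule does not break the proxy chain.
#
# "quick" is required: pf is last-match-wins, and the later
# "pass on $int_if" would otherwise override a plain block rule.
# "to any" also covers outside proxies listening on the same port.
block in quick on $int_if inet proto tcp from any to any port 3128

# Assumption (second layer, in tinyproxy.conf rather than pf.conf):
# bind tinyproxy to loopback only so it never listens on the LAN side.
#   Listen 127.0.0.1
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches ordering or syntax mistakes before the change goes live.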