2010/5/24 Rene Maroufi <[email protected]>:
> On Sun, May 23, 2010 at 08:07:38PM +0200, Henning Brauer wrote:
>> * Rene Maroufi <[email protected]> [2010-05-23 14:04]:
>> > Hi,
>> >
>> > I updated my firewall to 4.7 and changed my rdr and nat rules. But there
>> > is one thing I don't understand: I use a transparent proxy (Squid) on
>> > the same machine and in pf.conf this rdr-rule:
>> >
>> > pass in quick on $ifklan proto tcp from $klan to ! <allintern> port 80
>> > rdr-to 127.0.0.1 port 3128
>> >
>> > This works fine. If I comment this rule out, traffic is blocked. That's
>> > OK. If I remove only the "quick" word, traffic is passed through the
>> > firewall without being proxied. But there is no other rule after this
>> > rule to let traffic through the firewall. If there was another rule,
>> > commenting this rule out couldn't stop the traffic. I don't understand this
>> > behaviour.
>>
>> well, there HAS to be another rule that matches later, or this would
>> not happen.
>
> If that's the case: Why is the traffic blocked if I comment the rule out?
>
> It's blocked if I comment the rule out, but it's passed without redirect
> if I remove the quick. That makes no sense!

Then maybe, you'll show us output of:

1. cat /etc/pf.conf
2. pfctl -f /etc/pf.conf && pfctl -sr
3. pfctl -o none -f /etc/pf.conf && pfctl -sr

huh?
