I installed OpenBSD 4.4 with Squid, with pf enabled;
forwarding is enabled in sysctl.conf.
The following is pf.conf:
................................................................
ext_if = "dc0"  # macro for external interface
int_if = "fxp0" # macro for internal interface
localnet = $int_if:network

# options (set ...) must precede translation (nat) and filter rules,
# otherwise pfctl refuses to load the file
set skip on lo0

# ext_if IP address could be dynamic, hence ($ext_if)
nat on $ext_if from $localnet to any -> ($ext_if)

block all
pass from { lo0, $localnet } to any keep state

# macro definitions take no leading "$"; only references do
tcp_services = "{ ftp-data, ftp, ssh, domain, pop3, auth, nntp, http, \
                  https, smtp, imap, imap3, imaps }"
pass inet proto tcp from $localnet to any port $tcp_services
pass in inet proto tcp from any to any port ssh

udp_services = "{ domain, ntp }"
pass quick inet proto { tcp, udp } to any port $udp_services

icmp_types = "{ echoreq, unreach }"
pass inet proto icmp all icmp-type $icmp_types keep state

# allow out the default range for traceroute(8):
# "base+nhops*nqueries-1" (33434+64*3-1)
pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state

# drop spoofed private/reserved sources arriving on the external
# interface, and never send traffic to such addresses over it
insiders = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
              10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \
              0.0.0.0/8, 240.0.0.0/4 }"
block in quick on $ext_if from $insiders to any
block out quick on $ext_if from any to $insiders

# rate-limit inbound connections; sources that exceed the limits are
# added to <bruteforce> and blocked, their existing states flushed
table <bruteforce> persist
block quick from <bruteforce>
pass inet proto tcp from any to $localnet port $tcp_services \
    keep state (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <bruteforce> flush global)
pass quick proto { tcp, udp } from any to any port ssh \
    keep state (max-src-conn 15, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)
............................................................
My problem is that Squid doesn't work and reports "no route to host" (when I type
any website URL at a client machine).
If I disable pf, Squid is OK.
Help appreciated.
_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
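Added example, not part of the original post: the posted rules pass traffic from $localnet and traffic to $localnet, but a proxy running on the firewall itself opens its outbound connections with the external interface's own address as source, which none of the posted pass rules match, so "block all" drops them. On OpenBSD, ip_output() returns EHOSTUNREACH when pf rejects a locally generated packet, and the application reports that as "no route to host", which matches the symptom. The fragment below, which assumes the ext_if and tcp_services macros from the posted pf.conf and that squid runs on the firewall host, is one way to let the firewall's own outbound TCP connections through; it is a hypothetical addition, not a rule from the post.

```pf
# Added example (not from the original post): allow the firewall host
# itself, e.g. squid, to open outbound TCP connections. Assumes the
# ext_if and tcp_services macros from the posted pf.conf. Place it with
# the other filter rules, after "block all". ($ext_if) tracks the
# interface address, so it survives a dynamic-IP change.
pass out on $ext_if inet proto tcp from ($ext_if) to any \
    port $tcp_services keep state

# To confirm which rule is dropping a packet before changing anything,
# log the blocks and watch the pflog interface:
#   block log all
#   tcpdump -n -e -ttt -i pflog0
```

If the proxy is the only local process that needs to reach the outside, restrict the port list to what it actually uses (http and https) rather than reusing $tcp_services; and load the file with "pfctl -nf /etc/pf.conf" first, since the original as posted fails to parse on the "$tcp_services =" definition and on the "set skip" line placed after the nat rule.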