2013-01-15 12:49, Daniel Hartmeier wrote:
You currently have the following rules
pass out log on $ext_if inet proto tcp from $proxy to any port $proxy_services keep state
# pass out
pass out log
What's the point of these? Whenever the first rule would match, the
second one would always override it, making the first one superfluous.
Further, the first rule never matches, because the proxy isn't using
$proxy=172.18.0.1 as source for outgoing connections (but the
IP of $ext_if).
The second rule matches, but doesn't have 'keep state', so the TCP
handshake fails (SYN passes out, but SYN+ACK reply is blocked).
Hence, delete the first rule and add "keep state" to the second rule.
HTH,
Daniel

Thank you Daniel.
Unfortunately it did not help.
The squid access.log says tcp_miss which should mean that the website
has not replied.
The browser shows the squid access denied screen.
I cannot see any denied packets with tcpdump.
Commenting out the rdr rule gives direct access but I would like to get
the use of squid back again.
I would appreciate further suggestions because at the moment I'm stuck!
Thanks
/Leslie
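
A toy Python model of the rule evaluation Daniel describes above, added here as an illustration and not code from the thread: the last matching rule decides, and the SYN+ACK only gets back in if the outbound rule created state. The leading block rule, the $ext_if and web-server addresses, and the ports standing in for $proxy_services are assumptions.

```python
# Toy model of pf's last-matching-rule evaluation and 'keep state'.
# Only 172.18.0.1 comes from the thread; other addresses are constructed.
from dataclasses import dataclass

EXT_IP, PROXY, WEB = "192.0.2.10", "172.18.0.1", "198.51.100.80"


@dataclass
class Rule:
    action: str              # "pass" or "block"
    direction: str = None    # "in", "out", or None for both
    src: str = None          # None means "any"
    dport: tuple = None      # None means "any port"
    keep_state: bool = False

    def matches(self, direction, src, dport):
        return (self.direction in (None, direction)
                and self.src in (None, src)
                and (self.dport is None or dport in self.dport))


def evaluate(rules, direction, src, dport):
    """Return the last matching rule (last match wins), or None."""
    last = None
    for rule in rules:
        if rule.matches(direction, src, dport):
            last = rule
    return last


def handshake(rules):
    """Send a SYN out from $ext_if's address, then the SYN+ACK back in.
    Returns (rule that decided the SYN, SYN passed, SYN+ACK passed)."""
    syn = evaluate(rules, "out", EXT_IP, 80)
    syn_ok = syn is None or syn.action == "pass"
    if syn_ok and syn is not None and syn.keep_state:
        return syn, True, True   # reply matches the state entry
    reply = evaluate(rules, "in", WEB, 40000)  # 40000: constructed client port
    return syn, syn_ok, reply is None or reply.action == "pass"


BLOCK_ALL = Rule("block")    # assumed default-deny rule, not shown in the thread
# Ports (80, 443) are an assumed stand-in for $proxy_services.
ORIGINAL = [BLOCK_ALL,
            Rule("pass", "out", src=PROXY, dport=(80, 443), keep_state=True),
            Rule("pass", "out")]
SUGGESTED = [BLOCK_ALL, Rule("pass", "out", keep_state=True)]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        _, syn_ok, reply_ok = handshake(rules)
        print(f"{name}: SYN passes={syn_ok}, SYN+ACK passes={reply_ok}")
```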