On Wed, Jan 16, 2013 at 10:19:45AM +0100, Leslie Jensen wrote:
> The squid access.log says tcp_miss which should mean that the
> website has not replied.
>
> The browser shows the squid access denied screen.
>
> I cannot see any denied packets with tcpdump.
>
> Commenting out the rdr rule gives direct access but I would like to
> get the use of squid back again.
>
> I would appreciate further suggestions because at the moment I'm stuck!
Standard debugging procedure, then:

On the firewall, run the following

  fw# tcpdump -nvpi bge0 host 172.18.0.1
  fw# tcpdump -nvpi xl0 tcp port 80
  fw# tcpdump -nvvveeepi pflog0

Then initiate a single connection attempt from the proxy, like with

  proxy# nc -v www.openbsd.org 80

and watch the output of the tcpdumps. What do you expect to see?

  1) TCP SYN from 172.18.0.1 to 129.128.5.194:80 on bge0
  2) TCP SYN from $ext_if to 129.128.5.194:80 on xl0
  3) TCP SYN+ACK from 129.128.5.194:80 to $ext_if on xl0
  4) TCP SYN+ACK from 129.128.5.194:80 to 172.18.0.1 on bge0
  5) nothing on pflog0 (except 'pass' messages)

What do you see instead? If you see block messages on pflog0, re-post
your current ruleset.

Daniel
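As an added illustration of the checklist in Daniel's reply (not code from the thread), the script below walks interface-tagged tcpdump lines and reports which of the four expected SYN/SYN+ACK checkpoints never showed up and which pflog0 block entries appeared. The capture is constructed: it assumes the single-line "tcpdump -n" record layout, 192.0.2.10 as the $ext_if address, and a pflog line shape of "rule N/(match) block in on IF:".

```python
import re

# Constructed sample, not a real capture.  Each line is prefixed with the
# interface it was taken on.  The first three checkpoints from the post are
# present; the un-NATed SYN+ACK on bge0 is missing and pflog0 shows a block.
SAMPLE_CAPTURE = """\
bge0 10:19:45.000001 IP 172.18.0.1.41234 > 129.128.5.194.80: Flags [S], seq 1, win 16384
xl0 10:19:45.000120 IP 192.0.2.10.50001 > 129.128.5.194.80: Flags [S], seq 1, win 16384
xl0 10:19:45.130000 IP 129.128.5.194.80 > 192.0.2.10.50001: Flags [S.], seq 7, ack 2, win 65535
pflog0 10:19:45.130050 rule 2/(match) block in on xl0: 129.128.5.194.80 > 192.0.2.10.50001: Flags [S.], seq 7, ack 2, win 65535
"""

# Single-line tcpdump TCP record: "<iface> <time> IP a.b.c.d.sport > e.f.g.h.dport: Flags [X], ..."
TCP_LINE = re.compile(
    r"^(?P<iface>\S+)\s+\S+\s+IP\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]+)\]"
)
# pflog0 block record as printed with -e (assumed layout, constructed above).
PFLOG_BLOCK = re.compile(
    r"^pflog0\s+\S+\s+rule\s+(?P<rule>\S+)\s+block\s+(?P<dir>in|out)\s+on\s+(?P<iface>\S+):"
)


def expected_steps(proxy, ext_if, server):
    """Checkpoints 1-4 from the post as (label, iface, src, dst, tcp flags)."""
    return [
        ("1 SYN proxy->server on bge0", "bge0", proxy, server, "S"),
        ("2 SYN NATed to ext_if on xl0", "xl0", ext_if, server, "S"),
        ("3 SYN+ACK server->ext_if on xl0", "xl0", server, ext_if, "S."),
        ("4 SYN+ACK un-NATed to proxy on bge0", "bge0", server, proxy, "S."),
    ]


def check_capture(text, proxy="172.18.0.1", ext_if="192.0.2.10", server="129.128.5.194"):
    """Return the missing checkpoints and any pflog0 block entries (checkpoint 5)."""
    seen, blocked = set(), []
    for line in text.splitlines():
        m = TCP_LINE.match(line)
        if m:
            seen.add((m["iface"], m["src"], m["dst"], m["flags"]))
            continue
        b = PFLOG_BLOCK.match(line)
        if b:
            blocked.append(f"rule {b['rule']} block {b['dir']} on {b['iface']}")
    missing = [label for label, iface, src, dst, flags in expected_steps(proxy, ext_if, server)
               if (iface, src, dst, flags) not in seen]
    return {"missing": missing, "blocked": blocked}


if __name__ == "__main__":
    print(check_capture(SAMPLE_CAPTURE))
```

The first missing checkpoint tells you which hop (rdr on the internal side, nat on the external side, or the return path) to look at; a non-empty blocked list is the case where Daniel asks for the ruleset.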