Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]

2013-06-03 Thread Stuart Henderson
On 2013-06-02, Rob Sheldon r...@associatedtechs.com wrote: Sorry for the noise. OpenBSD 5.3 introduced Squid 3.2, which now checks the destination IP of inbound packets against the Host: header in interception mode. This breaks rdr-to, which makes nearly every howto online incorrect (joy).

Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]

2013-06-03 Thread Stuart Henderson
On 2013-06-02, Loïc BLOT loic.b...@unix-experience.fr wrote: Hello rob, i'm using squid since 3.1 on OpenBSD 5.2 with compiled sources (squid 3.2.5-9 and 3.3.4 at this time). Building it yourself with squid's default options sets things up for the old method with rdr-to. The port is setup to

Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]

2013-06-03 Thread Rob Sheldon
On 2013-06-03 4:07, Stuart Henderson wrote: I've updated the README. In future please could you make sure that any suggestions relating to ports are sent (or at least CC'd) to the MAINTAINER? It's easy to miss things in the mailing lists (and a lot of developers don't read misc regularly).

Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]

2013-06-02 Thread Rob Sheldon
Sorry for the noise. OpenBSD 5.3 introduced Squid 3.2, which now checks the destination IP of inbound packets against the Host: header in interception mode. This breaks rdr-to, which makes nearly every howto online incorrect (joy). There was a minor error in the Squid docs which confused me

Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]

2013-06-02 Thread Loïc BLOT
Hello rob, i'm using squid since 3.1 on OpenBSD 5.2 with compiled sources (squid 3.2.5-9 and 3.3.4 at this time). I don't use an IP but the http_port 3129 as my configuration suggests: http_port 3128 http_port 3129 intercept And i have those rule in my PF pass in quick proto tcp to { 10.X.1.1

Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]

2013-06-02 Thread Rob Sheldon
On 2013-06-02 2:35, Loïc BLOT wrote: Hello rob, i'm using squid since 3.1 on OpenBSD 5.2 with compiled sources (squid 3.2.5-9 and 3.3.4 at this time). I don't use an IP but the http_port 3129 as my configuration suggests: http_port 3128 http_port 3129 intercept And i have those rule in my PF

Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]

2013-06-02 Thread Loïc BLOT
Hello Rob, mine is a forward proxy, it's used by my clients to go to all websites (except blacklisted by squidguard). -- Best regards, Loïc BLOT, UNIX systems, security and network expert http://www.unix-experience.fr Le dimanche 02 juin 2013 à 12:33 -0700, Rob Sheldon a écrit : On

Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]

2013-06-02 Thread Marios Makassikis
On 2 June 2013 21:33, Rob Sheldon r...@associatedtechs.com wrote: On 2013-06-02 2:35, Loïc BLOT wrote: Hello rob, i'm using squid since 3.1 on OpenBSD 5.2 with compiled sources (squid 3.2.5-9 and 3.3.4 at this time). I don't use an IP but the http_port 3129 as my configuration suggests: