[squid-users] Problems with ACL's using squid as intercept proxy
Amos Jeffries
squid3 at treenet.co.nz
Wed Jun 29 01:11:20 UTC 2016
On 29/06/2016 2:18 a.m., C. L. Martinez wrote:
> I have configured new PF rules in this new FreeBSD host:
>
> rdr pass on $vpnif proto tcp from $int_network to any port http tag intlans-to-inet -> lo0 port 5144
>
> .. And the result is:
>
> 1467122773.928 0 127.0.0.1 TCP_MISS/403 4357 GET http://www.osnews.com/ - HIER_NONE/- text/html
> 1467122773.928 35 172.22.55.1 TCP_MISS/403 4489 GET http://www.osnews.com/ - ORIGINAL_DST/127.0.0.1 text/html
> 1467122774.068 0 172.22.55.1 TCP_MEM_HIT/200 13096 GET http://fbsdprx.my.domain.com:3128/squid-internal-static/icons/SN.png - HIER_NONE/- image/png
> 1467122774.102 0 127.0.0.1 TCP_MISS/403 4314 GET http://www.osnews.com/favicon.ico - HIER_NONE/- text/html
> 1467122774.103 2 172.22.55.1 TCP_MISS/403 4446 GET http://www.osnews.com/favicon.ico - ORIGINAL_DST/127.0.0.1 text/html
>
> .. What is the problem?? Are the ACLs wrong?? Why?? At first, I was thinking about a problem with the pf rules ... but now I am not sure, because packets arrive at squid ...
>
The current releases of Squid need to be built with:

  ./configure --with-nat-devpf

for the old PF version on FreeBSD or NetBSD to work.

<http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html#ss2.4>

Amos