pf 透明代理规则

3645636

le0  连接internet
le1  连接局域网

#squid.conf内容有以下语句

http_port 192.168.1.1:3128 transparent


#pf规则

rdr on le1 inet proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1
nat on le0 from any to any -> le0
block all


pass out proto tcp from 192.168.1.0/24 to any port {21,80,53} keep state
pass out proto udp from 192.168.1.0/24 to any port 53 keep state

pass on le1 inet proto tcp from any to 192.168.1.1 port 3128 keep state
pass on le1 inet proto tcp from any to any port 80 keep state

pass out proto tcp from any to any port {21,80,53} keep state
pass out proto udp from any to any port 53 keep state

pass in quick on le0 proto tcp from any to any port {80, 22} keep state


问题,透明代理不能使用,但是在客户机的浏览器里指定SQUID的IP地址和端口就可以上网,PF规则哪里设置错了

[ 本帖最后由 3645636 于 2009-5-14 09:32 编辑 ]

ziggler

上网终于找到答案

1. 
   
2. chgrp squid /dev/pf
   
3. chmod g+rw /dev/pf
   
4. 
   
5. # ll pf
   
6. crw-rw----  1 root  squid  232,   0  6 28 23:03 pf
   
7. 
   

复制代码

squid.conf&pf.conf文件不需要任何改动即OK     

请教:FreeBSD + PF + Squid透明代理(已解决)(页 1) - Proxy服务器 - ChinaUnix.net - powered by Discuz! Archiver (14 May 2009)

http://bbs.chinaunix.net/archiver/?tid-567993.html

congli

噢!
那链接最后一贴是永久性的解决方法.