Bypassing Squid on FreeBSD with PF
- by epema
I have PF + squid31 on FreeBSD 9.0, and I want some hosts (aka goodguys) to bypass the proxy, so that torrents are not logged.
Also, I am not sure about transparent. It means that I don't have to configure proxy settings on the client side, right?
I have tried doing a redirect:
no rdr on $int_if inet proto {tcp,udp} from 192.168.1.233/32 to any
However, no luck :(
Here is a quick look at my conf files:
SQUID /usr/local/etc/squid/squid.conf:
http_port 192.168.1.1:8080 transparent
RC /etc/rc.conf:
gateway_enable="YES"
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"
pflog_enable="YES"
squid_enable="YES"
I have squid31 installed from ports with:
SQUID_PF "Enable transparent proxying with PF" on
PF /usr/local/etc/pf.conf:
int_if="re0"
ext_if="bge0"
localnet="{ 192.168.1.0/24 }"
table <goodguys> const { "192.168.1.219", "192.168.1.233" }
set block-policy drop
set skip on lo0
scrub in all fragment reassemble
scrub out all random-id max-mss 1440
block in on $ext_if
pass out on $ext_if keep state
block in on $int_if
pass in on $int_if inet proto tcp from $int_if:network to $int_if port 8080 keep state
pass in on $int_if inet proto udp from $int_if:network to $int_if port 21 keep state
pass in on $int_if inet proto udp from $int_if:network to $int_if port 22 keep state
pass in on $int_if inet proto udp from $int_if:network to $int_if port 53 keep state
pass in on $int_if inet proto tcp from $int_if:network to any port { smtp, pop3 } keep state
pass in on $int_if inet proto icmp from $int_if:network to $int_if keep state
pass out on $int_if keep state
What lines should I add to the conf files? I am assuming that the problem is in the firewall (pf).
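An added example, not part of the original post, of a complete pf.conf for FreeBSD 9.0 that redirects LAN web traffic to the transparent Squid and exempts the hosts in the <goodguys> table. Interface names, addresses and the Squid port are taken from the post; the nat rule is an assumption (only needed if this box is also the NAT gateway for the LAN), and the extra pass rules are assumed to cover what the exempted hosts should be allowed to do. Two points of the PF translation model matter here: a no rdr rule has no effect unless a matching rdr rule follows it (the posted ruleset has no rdr at all, so nothing was being redirected or exempted), and translation rules are first-match, so the exemption must come before the redirect. Once a packet is redirected, the filter rules see the translated destination (192.168.1.1:8080), which is why the posted pass rule for port 8080 still applies; the exempted hosts need their own pass rule, because block in on $int_if otherwise drops their direct connections.

```pf
# Added example (not from the original post): transparent Squid with PF on
# FreeBSD 9.0, exempting the <goodguys> hosts from the redirect.
# Interfaces, addresses and port 8080 come from the post; the nat rule and
# the pass rule for <goodguys> are assumptions.
int_if="re0"
ext_if="bge0"
localnet="{ 192.168.1.0/24 }"
squid="192.168.1.1"
table <goodguys> const { 192.168.1.219, 192.168.1.233 }

set block-policy drop
set skip on lo0

scrub in all fragment reassemble
scrub out all random-id max-mss 1440

# Translation section (must precede the filter rules). First match wins, so the
# exemption comes before the redirect. Only TCP/80 is redirected; the proxy
# never sees any other traffic, BitTorrent included.
no rdr on $int_if inet proto tcp from <goodguys> to any port 80
rdr on $int_if inet proto tcp from $localnet to any port 80 -> $squid port 8080

# Assumed: outbound NAT so LAN hosts that skip the proxy reach the Internet.
# Drop this rule if the box is not the NAT gateway.
nat on $ext_if inet from $localnet to any -> ($ext_if)

block in on $ext_if
pass out on $ext_if keep state

block in on $int_if
# Redirected web traffic arrives here with destination $squid:8080.
pass in on $int_if inet proto tcp from $localnet to $squid port 8080 keep state
pass in on $int_if inet proto { tcp, udp } from $localnet to $int_if port 53 keep state
pass in on $int_if inet proto tcp from $localnet to any port { smtp, pop3 } keep state
pass in on $int_if inet proto icmp from $localnet to $int_if keep state
# Exempted hosts bypass the rdr, so they also need a filter rule of their own.
pass in on $int_if inet from <goodguys> to any keep state
pass out on $int_if keep state
```

Check the syntax with pfctl -nf /usr/local/etc/pf.conf before loading it with pfctl -f, and confirm the translation rules with pfctl -sn; the no rdr line should appear above the rdr line. With the rdr in place, clients on the LAN need no proxy settings for plain HTTP, which is what the transparent flag refers to (Squid 3.1 accepts it as an alias of intercept). Squid also needs read access to /dev/pf to recover the original destination of redirected connections, which is what the SQUID_PF port option enables.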