Hello,
I hope some of you can please help me with the following problem. I have a FreeBSD 9.1 server with several jails installed, one of which is a web proxy. For that I have a redirection rule configured in pf so that all the traffic from my internal net goes to the proxy jail.
Code:
rdr pass inet proto tcp from $int_net to any port www -> $pxy_ip port 3128
pass in log (all, to pflog0) on $int_if inet proto tcp from $int_net to $pxy_ip port 3128
pass out on $int_if inet from $int_net to $int_net
# I do NAT to the internal network
pass out log (all, to pflog0) on $ext_if inet from $ext_ip to any
In the jail I have Squid version 3.3.8 compiled with support for pf transparent proxy and configured with the following directive to allow the transparent proxy:
Code:
# I tried with intercept here too
http_port 127.0.0.1:3128 transparent
For the comprobation [ What? -- Mod. ] of the redirection, I shut down Squid to use nc and made two tests from Firefox:
With the proxy configured manually:
Code:
# nc -l 3128
GET http://www.hostgator.com/ HTTP/1.1
Host: www.hostgator.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
With no proxy (direct), it seems that the URL in the GET does not arrive, only "/".
Code:
# nc -l 3128
GET / HTTP/1.1
Host: www.hostgator.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
Later when I started Squid, I saw in /var/log/squid/cache.log several errors about pf:
Code:
2013/09/23 17:05:23 kid1| PF open failed: (2) No such file or directory
I know that Squid must have permissions to access the device used by pf, but pf is not in the jail but on the host server.
Even so, when I think of putting in /etc/devfs.conf:
Code:
own pf root:squid
perm pf 0640
I don't know where this must go, because the host server has neither the squid user nor group, and in the jail there is no pf.
What can I do?
Thank you very much.
Javier