OpenForum RSS: PF rdr �� bridge c AV

PF rdr �� bridge c AV (LHN)

Tue, 14 Feb 2012 04:39:40 GMT

>>[�� ]
> � ipfw �� ?
> ��, �� , �� CLOSED:SYN_SENT
> �� (
> �� ipfw flush
> � ��

��, � �� , �� -�� , �.�. �� . � �� .
�� ipfw ��.

PF rdr �� bridge c AV (��)

Mon, 13 Feb 2012 13:41:17 GMT

>[�� ]
> �� .
> pfctl -ss
> all tcp 127.0.0.1:3128 <- 194.67.33.56:80 <- 10.111.111.2:37710
> CLOSED:SYN_SENT
> all tcp 127.0.0.1:3128 <- 194.67.33.56:80 <- 10.111.111.2:37711
> CLOSED:SYN_SENT
> tcpdump bridge0
> 2012-02-10 11:40:19.889628 IP 10.111.111.2.44362 > 194.67.33.62.80: tcp 0
> 2012-02-10 11:40:20.657694 IP 10.111.111.2.38670 > 62.213.71.224.80: tcp 0
> 2012-02-10 11:40:20.657702 IP 10.111.111.2.38671 > 62.213.71.224.80: tcp 0

� ipfw �� ?
��, �� , �� CLOSED:SYN_SENT
�� (
�� ipfw flush
� ��

PF rdr �� bridge c AV (LHN)

Fri, 10 Feb 2012 07:41:32 GMT

> ))). �� . �� .
> ��.

��... � �� . �� :
loopback = "{ lo0 }"
WAN = "{ igb3 }"
LAN = "{ igb0 }"
OPT1 = "{ igb2 }"
BRIDGE = "{ bridge0 }"
set skip on $loopback
set skip on $OPT1
set skip on $WAN
set state-policy if-bound
rdr on bridge0 inet proto tcp from 10.111.111.2 to !(self) port {80, 443} -> 127.0.0.1 port 3128
pass in log quick on bridge0 from any to bridge0
pass out log quick on bridge0 from bridge0 to any

�� Ip �� bridge �� . �� 10.x.x.x �� .
�� .
pfctl -ss
all tcp 127.0.0.1:3128 <- 194.67.33.56:80 <- 10.111.111.2:37710 CLOSED:SYN_SENT
all tcp 127.0.0.1:3128 <- 194.67.33.56:80 <- 10.111.111.2:37711 CLOSED:SYN_SENT

tcpdump bridge0
2012-02-10 11:40:19.889628 IP 10.111.111.2.44362 > 194.67.33.62.80: tcp 0
2012-02-10 11:40:20.657694 IP 10.111.111.2.38670 > 62.213.71.224.80: t

PF rdr �� bridge c AV (nix)

Fri, 10 Feb 2012 07:18:06 GMT

>[�� ]
>> set skip on {lo $int_if $ext_if}
>> set state-policy if-bound
>> rdr on bridge0 inet proto tcp from $client to !(self) port {80
>> 443} -> 127.0.0.1 port 3128
>> block in all
>> block out all
>> pass in quick on bridge0 inet proto tcp from $client to bridge0
>> pass out quick on bridge0 from bridge0 to any
> � �� no IP address found for
> bridge0

))). �� . �� .
��.

PF rdr �� bridge c AV (LHN)

Fri, 10 Feb 2012 07:00:53 GMT

> �� . Squid "��" �� .

�� , � �� ip.
� �� 127.0.0.1
> set skip on {lo $int_if $ext_if}
> set state-policy if-bound
> rdr on bridge0 inet proto tcp from $client to !(self) port {80
> 443} -> 127.0.0.1 port 3128
> block in all
> block out all
> pass in quick on bridge0 inet proto tcp from $client to bridge0
> pass out quick on bridge0 from bridge0 to any

� �� no IP address found for bridge0

PF rdr �� bridge c AV (nix)

Fri, 10 Feb 2012 06:43:23 GMT

>[�� ]
>> �� . �� . �� .
>> net.link.bridge.log_stp: 0
>> net.link.bridge.pfil_local_phys: 0
>> net.link.bridge.pfil_member: 0
>> net.link.bridge.pfil_bridge: 1
>> net.link.bridge.pfil_onlyip: 1
>> ��, �� .
> ��, �� , �� , �
> �� , ��
> �� .

��, ��-�� .
�� -�� :

�� . Squid "��" �� .

set skip on {lo $int_if $ext_if}
set state-policy if-bound

rdr on bridge0 inet proto tcp from $client to !(self) port {80 443} -> 127.0.0.1 port 3128

block in all
block out all

pass in quick on bridge0 inet proto tcp from $client to bridge0
pass out quick on bridge0 from bridge0 to any

�� .

PF rdr �� bridge c AV (LHN)

Fri, 10 Feb 2012 02:29:13 GMT

>[�� ]
> �� . ��
> (� �� -�� ). ��
> �� sysctl
> �� . �� . �� .
> net.link.bridge.log_stp: 0
> net.link.bridge.pfil_local_phys: 0
> net.link.bridge.pfil_member: 0
> net.link.bridge.pfil_bridge: 1
> net.link.bridge.pfil_onlyip: 1
> ��, �� .

��, �� , �� , � �� , �� .

PF rdr �� bridge c AV (nix)

Thu, 09 Feb 2012 21:06:43 GMT

>[�� ]
>> tcpdump -nqtttti _IF_NAME_
> � �� http �� , � �� int_if � ��
> bridge0. �� pf �� pass
> in log quick...
> �� lo0 �� , ��...
> �� , �� int_if � bridge_if.
> �.�. �� int_if, ��
> �� , � �� ,
> �� bridge0 ��
> ��.

� ��. �� . �� , �� . �� (� �� -�� ). �� sysctl

�� . �� . �� .
net.link.bridge.log_stp: 0
net.link.bridge.pfil_local_phys: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1
net.link.bridge.pf

PF rdr �� bridge c AV (nix)

Thu, 09 Feb 2012 21:00:12 GMT

>> � �� ? � ��
>> �� .
>> rdr pass on $int_if inet proto tcp from any to any port
>> 80
>> -> 127.0.0.1 port 3128
> �.�. � Pf �� rdr �� , ��
> �� deny.

�� . �� pass �� -��?

>[�� ]
>> tcpdump -nqtttti _IF_NAME_
> � �� http �� , � �� int_if � ��
> bridge0. �� pf �� pass
> in log quick...
> �� lo0 �� , ��...
> �� , �� int_if � bridge_if.
> �.�. �� int_if, ��
> �� , � �� ,
> �� bridge0 ��
> ��.

OpenForum RSS: PF rdr ������� � bridge c AV

PF rdr ������� � bridge c AV (LHN)

PF rdr ������� � bridge c AV (�����)

PF rdr ������� � bridge c AV (LHN)

PF rdr ������� � bridge c AV (nix)

PF rdr ������� � bridge c AV (LHN)

PF rdr ������� � bridge c AV (nix)

PF rdr ������� � bridge c AV (LHN)

PF rdr ������� � bridge c AV (nix)

PF rdr ������� � bridge c AV (nix)

OpenForum RSS: PF rdr �� bridge c AV

PF rdr �� bridge c AV (LHN)

PF rdr �� bridge c AV (��)

PF rdr �� bridge c AV (LHN)

PF rdr �� bridge c AV (nix)

PF rdr �� bridge c AV (LHN)

PF rdr �� bridge c AV (nix)

PF rdr �� bridge c AV (LHN)

PF rdr �� bridge c AV (nix)

PF rdr �� bridge c AV (nix)