Re: transparent ftp through pf - solved!
- To: <misc@openbsd.org>
- Subject: Re: transparent ftp through pf - solved!
- From: "Chris Hedemark" <chris@yonderway.com>
- Date: Fri, 1 Feb 2002 07:47:27 -0600 (CST)
- References: <3C598877.2020007@ucdavis.edu>

Adam Getchell asks:

> Where did you emplace your squid box with respect to your transparent
> bridge? Or was it also installed along with pf?

It is on the firewall.

I think it should be quite possible to put it on a separate box inside of
the firewall and use NAT rules to force all traffic to port 80 from !
$SquidHost to $SquidHost.

> (I currently have a 2.9 ipf transparent bridge that I'm mulling
> replacing with 3.0 pf)

I'm quite pleased so far. So is my client. This replaced a Mandrake
Linux firewall that had introduced a lot of latency into the internet
connection, which they thought was just part of having a firewall. I
think the pf based solution I put in place is much faster. Having the
caching nameserver and squid in there definitely made additional
improvements (I could tell as they were added incrementally).

I do hope that the FAQ maintainers add my adjustments to the FAQ. It is
an excellent FAQ but the filter rules and nat rules sections are slightly
disjointed in that following them both will prevent ftp clients on the
protected network from getting out.