Unfortunately FreeBSD's bridge code is far from optimal. It lacks a lot of functionality when compared to Net/OpenBSD's if_bridge. At the moment this constrains pf to a very limited subset of possible functionalities. There has been an effort to port over if_bridge, but that died for some reason.

In order to fix your specific problem you might want to try to add a "route-to (lo0 127.0.0.1)"-rule for the redirected traffic but I can't confirm that this will really help. All in all, I have to admit that pf gives a rather poor performance with the FreeBSD bridge code.

On Friday 15 October 2004 18:25, Sergey Lyubka wrote:
> I am trying to setup transparent proxy.
> The box has two interfaces,
> em0 (0.0.0.0, outside interface)
> em1 (10.0.0.3, inside interface)
>
> pf and bridge are running on the box.
> Proxy is running on the box, listening on 127.0.0.1:8080
> This is the pf.conf:
> ------------------
> int_if="em1"
> ext_if="em0"
> rdr on $int_if inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
> pass in
> pass out
> -------------------
>
> But, when I am trying to access any site from the inside,
> I see packets emitted by em0, which have destination address
> 127.0.0.1:8080
>
> Proxy does not receive anything.
>
> nfa# sysctl -a | grep bridge
> net.link.ether.bridge_cfg: em0,em1
> net.link.ether.bridge_ipfw: 1
> net.link.ether.bridge_ipf: 1
> net.link.ether.bridge.config: em0,em1
> net.link.ether.bridge.enable: 1
> net.link.ether.bridge.predict: 45
> net.link.ether.bridge.dropped: 0
> net.link.ether.bridge.packets: 80
> net.link.ether.bridge.ipfw_collisions: 0
> net.link.ether.bridge.ipfw_drop: 0
> net.link.ether.bridge.copy: 0
> net.link.ether.bridge.ipfw: 1
> net.link.ether.bridge.ipf: 1
> net.link.ether.bridge.debug: 0
> net.link.ether.bridge.version: 031224
>
> nfa# uname -a
> FreeBSD nfa 5.3-BETA7 FreeBSD 5.3-BETA7 #20: Fri Oct 15 15:41:14 UTC 2004 root@xxxxxxxxxxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/MANAGER i386
>
> Any ideas ?

-- 
/"\  Best regards,                      | mlaier@xxxxxxxxxxx
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News