Re: rdr in PF

Greg Hennessy wrote:
> On Sat, 12 Feb 2005 19:37:03 +0800, sam <sam.wun@authtec.com> wrote:
>
>
>
>>How can I configure nat/rdr in PF to do that same thing?
>>I assumed 1.2.3.4/32 is the IP of the Squid server.
>>But 0.0.0.0/0 looks strange to me if I do that same thing in PF.
>>
>
>
> Easy,
>
> Squid is configured to listen on localhost only and has been configured as
> a transparent cache, this
>
> ~ # grep -i 3128 /etc/pf.conf
> rdr pass on $Int proto tcp from $LAN to !$<InsideNets> port www ->\
> 127.0.0.1 port 3128

Hi, thanks very much for the help.
I'm not quite an expert in PF syntax. What does !$<InsideNets> represent?
<InsideNets> is a table that contains a list of internal subnets, and
!$<...> means "does not belong to the Internal Subnets"?

> rdr pass on $Int proto tcp from $LAN to $Int:0 port 3128 ->\
> 127.0.0.1 port 3128
>
> The 1st rdr pass does the http interception.
> The 2nd rdr pass allows the proxy to be utilised inline if necessary.
>
>
> & this
>
> ~ # grep -i squid /etc/pf.conf
> pass out quick on $Ext $TCP to !<InsideNets> user squid $KSF\
> queue (q_def, q_pri)

Similarly, what does !<...> represent? And how about $KSF?

Thanks
Sam.

>
>
> takes care of the rest.