# pf transparent proxy squid nat



## Galactic_Dominator (Dec 8, 2008)

I have two boxes, one running an SSL site on apache behind pfsense.  Nearly everyone can get to this site, except for clients at another location I have set up with NAT and with transparent proxy using pf.  Clients at this location can get to non-SSL sites on the same server fine, and different (e.g. personal banks) SSL sites without a hitch.

My pf rules:


```
int_if="em0"
ext_if="fxp0"

set timeout { udp.first 300, udp.single 300, udp.multiple 900 }

# Transparent proxy: only port 80 (www) is redirected to squid on the gateway.
# Port 443 is not rewritten and goes out through the nat rule below.
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
# Source NAT for the internal network on the external interface
nat on $ext_if from 192.168.0.0/16 to any -> $ext_if

# Allow clients to reach the redirected squid port, and the proxy to go out on 80
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
```

tcpdump from pf NAT side:


```
gw-mn# tcpdump -i fxp0 port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
17:19:40.419640 IP my-hostname.56375 > server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:19:43.350741 IP my-hostname.56375 > server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:19:49.285246 IP my-hostname.56375 > server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
```

tcpdump from apache ssl side:


```
skynet1# tcpdump host XXX.XXX.XXX.XXX and port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
17:06:02.292324 IP my-hostname.56375 > skynet1.server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:06:02.292335 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:05.218724 IP my-hostname.56375 > skynet1.server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:06:05.218731 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:08.218471 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:11.152355 IP my-hostname.56375 > skynet1.server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:06:11.152364 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:14.151635 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:20.151800 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
```

tcpdumps are from the same time period.

Does anyone have any insight?

Thanks


----------
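Reading the two captures side by side is the whole diagnosis here: the NAT gateway sees its SYNs leave on fxp0 and never sees a SYN-ACK, while the apache box sees the same SYNs arrive and answers every one of them. The script below, an added example that is not part of the original post, parses both captures (re-typed from the thread above as constructed sample data), counts SYN and SYN-ACK per flow, and tells you on which leg of the path the handshake breaks. It assumes the classic BSD tcpdump line format shown in the post (the newer `Flags [S]` form is also accepted), that both captures were taken on the outside of any NAT so the client's ephemeral port matches, and that the hostnames may differ between the two boxes (reverse DNS), which is why flows are keyed by port pair rather than by name.

```python
"""Locate where a TCP handshake breaks by comparing tcpdump text from
both ends of the path. Added example; not code from the original post."""
import re
from collections import defaultdict

# Classic tcpdump TCP line, e.g.
#   17:19:40.419640 IP my-hostname.56375 > server-hostname.com.https: S 1:1(0) win 65535 <...>
# A SYN-ACK carries the same "S" flag plus an "ack N" field. Newer tcpdump
# prints "Flags [S]" / "Flags [S.]" instead; both forms are matched.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.(?P<sport>\S+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^:\s]+): "
    r"(?:Flags \[(?P<flags>[^\]]+)\],? |(?P<oldflags>[SPFRWE.]+) )"
    r"(?P<rest>.*)$"
)
# "ack <number>": present on a SYN-ACK, absent on a bare SYN ("sackOK" does not match)
ACK_RE = re.compile(r"\back \d+")


def parse_tcp_lines(capture_text):
    """Yield (src, sport, dst, dport, flags, has_ack) for each TCP line;
    banner lines and non-TCP traffic are skipped."""
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        flags = d["flags"] or d["oldflags"]
        yield d["src"], d["sport"], d["dst"], d["dport"], flags, bool(ACK_RE.search(d["rest"]))


def handshake_counts(capture_text):
    """Count SYNs and SYN-ACKs per flow, keyed by (client_port, server_port).

    The client's ephemeral port is what both captures agree on when they are
    taken on the outside (post-NAT) side, even if reverse DNS names differ."""
    counts = defaultdict(lambda: {"syn": 0, "synack": 0})
    for src, sport, dst, dport, flags, has_ack in parse_tcp_lines(capture_text):
        if "S" not in flags:
            continue
        if has_ack:                      # SYN-ACK travels server -> client
            counts[(dport, sport)]["synack"] += 1
        else:                            # SYN travels client -> server
            counts[(sport, dport)]["syn"] += 1
    return dict(counts)


def diagnose(client_side_text, server_side_text):
    """Classify every flow seen on the client-side capture:
      handshake-ok              SYN-ACK came back to the client side
      syn-never-reached-server  SYN left, server capture shows nothing
      synack-lost-on-return     server answered, reply never arrived
      server-silent             SYN arrived, server never answered"""
    client = handshake_counts(client_side_text)
    server = handshake_counts(server_side_text)
    verdicts = {}
    for flow, c in client.items():
        s = server.get(flow, {"syn": 0, "synack": 0})
        if c["synack"] > 0:
            verdicts[flow] = "handshake-ok"
        elif s["syn"] == 0:
            verdicts[flow] = "syn-never-reached-server"
        elif s["synack"] > 0:
            verdicts[flow] = "synack-lost-on-return"
        else:
            verdicts[flow] = "server-silent"
    return verdicts


# Constructed sample input: the two captures from the thread, re-typed.
NAT_SIDE = """gw-mn# tcpdump -i fxp0 port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
17:19:40.419640 IP my-hostname.56375 > server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:19:43.350741 IP my-hostname.56375 > server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:19:49.285246 IP my-hostname.56375 > server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
"""

SERVER_SIDE = """skynet1# tcpdump host XXX.XXX.XXX.XXX and port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
17:06:02.292324 IP my-hostname.56375 > skynet1.server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:06:02.292335 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:05.218724 IP my-hostname.56375 > skynet1.server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:06:05.218731 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:08.218471 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:11.152355 IP my-hostname.56375 > skynet1.server-hostname.com.https: S 165656225:165656225(0) win 65535 <mss 1460,nop,nop,sackOK>
17:06:11.152364 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:14.151635 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
17:06:20.151800 IP skynet1.server-hostname.com.https > my-hostname.56375: S 3217053284:3217053284(0) ack 165656226 win 65535 <mss 1460,sackOK,eol>
"""

if __name__ == "__main__":
    for (cport, sport), verdict in diagnose(NAT_SIDE, SERVER_SIDE).items():
        print(f"client port {cport} -> server port {sport}: {verdict}")
```

On the thread's captures the verdict for client port 56375 is `synack-lost-on-return`: the SYN-ACK is generated on the apache side but never shows up on fxp0, so the thing to chase is the return path between the server and the gateway (routing back to the NAT address, a filter on the server side, or something in between), not the rdr/nat rules, which never touch port 443. Feed it `tcpdump -n` text from any two vantage points; keying by port pair means the captures do not have to resolve names identically.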



## jemate18 (Feb 4, 2010)

Were you able to solve this?

I'm having this exact problem...

Help...


----------

