FreeBsd5.4+pf+squid反向代理实战笔记

rdr on fxp1 proto tcp from $lan_if to any port 80 -> $lan_if port 80

rdr on fxp1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
#rdr on fxp0 proto tcp from any to $wan_if port 80 ->$web_server port 8080
#rdr on fxp1 proto tcp from $lan_if to $wan_if port 80 ->$web_server port 8080

rdr on $wan_if proto tcp from any to any port 21 -> $ftp_server port 21
rdr on $wan_if proto tcp from any to any port 49152:65535 -> $ftp_server port 49152:65535

# in on $wan_if
pass in quick on $wan_if proto tcp from any to $ftp_server port 21 keep state
pass in quick on $wan_if proto tcp from any to $ftp_server port > 49151 keep state

# out on $lan_if
pass out quick on $lan_if proto tcp from any to $ftp_server port 21 keep state
pass out quick on $lan_if proto tcp from any to $ftp_server port > 49151 keep state

#Disable danger port
#Danger_Port="{445 135 139 593 5554 9995 9996}"
#block quick on $wan_if inet proto tcp from any to any port $Danger_Port
#block quick on $wan_if inet proto tcp from any to any port $Danger_Port
pass in all
pass out all

http_port 80

httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_with_proxy on
# accelerater my domain only
acl acceleratedHostA dstdomain . example1.com
#acl acceleratedHostB dstdomain .example2.com
#acl acceleratedHostC dstdomain .example3.com
# accelerater http protocol on port 80
acl acceleratedProtocol protocol HTTP
acl acceleratedPort port 80
# access arc
acl all src 0.0.0.0/0.0.0.0
# Allow requests when they are to the accelerated machine AND to the
# right port with right protocol
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
#http_access allow acceleratedProtocol acceleratedPort acceleratedHostB
#http_access allow acceleratedProtocol acceleratedPort acceleratedHostC
# logging
emulate_httpd_log on
cache_store_log none
# manager
acl manager proto cache_object
http_access allow manager all
cachemgr_passwd pass all