I have PF+SQUID31 on FREEBSD-9.0, and I want to have some hosts(aka goodguys) to bypass the proxy, so that torrents are not logged. Also, I am not sure about transparent. It means that I dont have to configure proxy settings on the client side right? I have tried doing a redirect

no rdr on $int_if inet proto {tcp,udp} from 192.168.1.233/32 to any

However, no luck :(

Here is a quick look of my conf files:

SQUID /usr/local/etc/squid/squid.conf

http_port 192.168.1.1:8080 transparent

RC /etc/rc.conf:

gateway_enable="YES"
pf_enable="YES"
pf_rules="/usr/local/etc/pf.conf"
pflog_enable="YES"
squid_enable="YES"

I have squid31 installed from ports with

SQUID_PF "Enable transparent proxying with PF" on

PF /usr/loca/etc/pf.conf:

int_if="re0"
ext_if="bge0"
localnet="{ 192.168.1.0/24 }"

table <goodguys> const { "192.168.1.219", "192.168.1.233" }

set block-policy drop
set skip on lo0

scrub in all fragment reassemble
scrub out all random-id max-mss 1440

block in on $ext_if
pass out on $ext_if keep state

block in on $int_if
pass in on $int_if inet proto tcp from $int_if:network to $int_if port 8080 keep state
pass in on $int_if inet proto udp from $int_if:network to $int_if port 21 keep state
pass in on $int_if inet proto udp from $int_if:network to $int_if port 22 keep state
pass in on $int_if inet proto udp from $int_if:network to $int_if port 53 keep state
pass in on $int_if inet proto tcp from $int_if:network to any port { smtp, pop3 } keep state
pass in on $int_if inet proto icmp from $int_if:network to $int_if keep state
pass out on $int_if keep state

What lines should I add in conf files? I am assuming that the problem is on the firewall(pf).