LaRoy McCann wrote:
I have spent all weekend looking and trying to figure out how to make this work. Now it is time to ask for help.

I have Dachstein CD running as a proxy-arp firewall for a system. Is it possible to have the firewall redirect all port 80 requests from the DMZ (eth2) and send them to port 3128 on another box (Squid-cache) in the DMZ, and then accept the requests from the Squid box to the internet (eth0)?

I know this is probably easier using Bering, but I have not taken the time to try that. I have always used Dachstein.

I have looked through network.conf and cannot find any rules for redirect or forwarding within the same interface, just from one interface to the other. I have even tried to add an ipmasqadm rule manually and it did not work. Do I need to place the squid box on the internal interface?

If someone is doing this now, could you please post the info or a link to some info showing the correct settings?

If this is anything like port-forwarding, it's a *LOT* easier if the router is between the two boxes (client and proxy), rather than having both be on the same net. With port-forwarding, the problem is the outbound packets need to get mangled (for destination IP), and then mangled again on return (for source IP), but with both boxes on the same network, the reply packets go directly from server->client, they don't match what the client's expecting (for source IP), and they get dropped.


You can use tcpdump to see if this is what's happening to you. If so, I recommend another NIC (they're cheap!) configured with a private IP range. Just stick your proxy in the new network, set up the Dachstein rules so the new IP range is masqueraded to the internet, and you should be all set to craft some custom redirect rules.

--
Charles Steinkuehler
[EMAIL PROTECTED]
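
The same-network failure described in the reply above, as an added example that is not part of the original message: a small Python model of one redirected connection, showing which source address the client sees on the reply when the proxy shares its network and when it sits behind the router. All addresses, the client port and the function name are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

def redirect_roundtrip(client, client_net, proxy, web="198.51.100.80"):
    """Follow one redirected port-80 connection; return (reply as the client sees it, accepted?)."""
    # Client opens a connection to a web server; the router is its gateway, so it sees the packet.
    syn = Packet(client, 40000, web, 80)
    # Router rewrites the destination to the proxy and remembers the original destination.
    dnat = syn._replace(dst=proxy, dport=3128)
    nat_table = {(dnat.src, dnat.sport, dnat.dst, dnat.dport): (syn.dst, syn.dport)}
    # Proxy answers the source address it saw on the rewritten packet.
    reply = Packet(dnat.dst, dnat.dport, dnat.src, dnat.sport)
    # A proxy on the client's own network delivers the reply directly, bypassing the router.
    direct = ipaddress.ip_address(proxy) in ipaddress.ip_network(client_net)
    if not direct:
        # Reply crosses the router, which restores the original source from its table.
        src, sport = nat_table[(reply.dst, reply.dport, reply.src, reply.sport)]
        reply = reply._replace(src=src, sport=sport)
    # The client's socket only accepts a reply from the address and port it connected to.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return reply, accepted

if __name__ == "__main__":
    # Constructed cases: proxy in the client's DMZ network, then proxy on a separate private network.
    for proxy in ("192.0.2.20", "192.168.10.2"):
        reply, ok = redirect_roundtrip("192.0.2.10", "192.0.2.0/24", proxy)
        print(f"proxy {proxy}: client sees reply from {reply.src}:{reply.sport} ->",
              "accepted" if ok else "dropped (source mismatch)")
```

The reply returned for the same-network case is the packet a tcpdump on the client would show: it arrives from the proxy's address and port 3128 instead of the web server's address and port 80.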

