

Howdy all:

        I have a firewall box with 3 NICs (eth0 = 192.168.1.216, eth1 = 
192.168.2.1, eth2 = 192.168.3.1).  eth0 is the internal network, eth1 goes 
to a webramp router that connects to the internet, and eth2 goes to a Linux 
box running squid (192.168.3.2) over a crossover cable.  My question is this:

I have had squid running on the firewall box in the past but I don't like 
the security implications of this so I have decided to add a third NIC 
(eth2) and run squid on another dedicated box connected to this NIC.  I can 
ping the squid box from the internal network (192.168.1.*) and I can ping 
the internal network from the squid box.  If I set my preferences up in 
Netscape to point to the squid box as a proxy everything works as it 
should.  My problem is that we have 150 users and I'd rather not have to 
change everyone's Netscape preferences.  I thought I could use IPMASQADM 
PORTFW to forward the port 80 traffic from eth0 to eth2 rather than the 
default route of eth1.  If I set Netscape to do a direct connect, the 
packets never make it to the squid box.  They just go straight out eth1 and 
to the internet.  Everywhere I read, IPMASQADM PORTFW is used to forward 
external net connections to an internal box.  Is there a way to forward 
internal connections to another internal box on another NIC?  Maybe there 
is an easier way of doing this?  Thank you ahead of time for your 
help.  Here is the line I was using in my firewall script to forward port 80:

ipmasqadm portfw -f
ipmasqadm portfw -a -P tcp -L 192.168.1.216 80 -R 192.168.3.2 8080


John Clabaugh
Project Engineer
RBB Systems Inc.
8767 Twp. Rd. 513
Shreve, OH 44676
Ph.  (330) 567-2906 ext. 296
FAX  (330) 567-3925
mailto:[EMAIL PROTECTED]
http://www.rbbsystems.com

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]