/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Use the REDIRECT command. Here is the line I use. You may have to adjust it
for your settings, but hopefully this will get you started. Check out David
Ranch's TrinityOS document for more info.

INTIF="eth0"
INTLAN="192.168.1.0/24"
LOGGING=" "
BROADCAST="255.255.255.255"
# Redirect TCP port 80 (www) traffic arriving on $INTIF from $INTLAN to local port 3128
/sbin/ipchains -A input -j REDIRECT 3128 -i $INTIF -p tcp -s $INTLAN -d $BROADCAST/0 www $LOGGING

- Gary


John Clabaugh wrote:
> 
> Howdy all:
> 
>         I have a firewall box with 3 NICs (eth0 = 192.168.1.216, eth1 =
> 192.168.2.1, eth2 = 192.168.3.1).  eth0 is the internal network, eth1 goes
> to a webramp router that connects to the internet, and eth2 goes to a linux
> box running squid (192.168.3.2) over a crossover cable.  My question is this:
> 
> I have had squid running on the firewall box in the past but I don't like
> the security implications of this so I have decided to add a third NIC
> (eth2) and run squid on another dedicated box connected to this NIC.  I can
> ping the squid box from the internal network (192.168.1.*) and I can ping
> the internal network from the squid box.  If I set my preferences up in
> Netscape to point to the squid box as a proxy everything works as it
> should.  My problem is that we have 150 users and I'd rather not have to
> change everyone's Netscape preferences.  I thought I could use IPMASQADM
> PORTFW to forward the port 80 traffic from eth0 to eth2 rather than the
> default route of eth1.  If I set Netscape to do a direct connect, the
> packets never make it to the squid box.  They just go straight out eth1 and
> to the internet.  Everywhere I read, IPMASQADM PORTFW is used to forward
> external net connections to an internal box.  Is there a way to forward
> internal connections to another internal box on another NIC?  Maybe there
> is an easier way of doing this?  Thank you ahead of time for your
> help.  Here is the line I was using in my firewall script to forward port 80:
> 
> ipmasqadm portfw -f
> ipmasqadm portfw -a -P tcp -L 192.168.1.216 80 -R 192.168.3.2 8080
> 
> John Clabaugh
> Project Engineer
> RBB Systems Inc.
> 8767 Twp. Rd. 513
> Shreve, OH 44676
> Ph.  (330) 567-2906 ext. 296
> FAX  (330) 567-3925
> mailto:[EMAIL PROTECTED]
> http://www.rbbsystems.com
> 
> _______________________________________________
> Masq maillist  -  [EMAIL PROTECTED]
> Admin requests can be handled at http://www.indyramp.com/masq-list/ --
> THIS INCLUDES UNSUBSCRIBING!
> or email to [EMAIL PROTECTED]
> 
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.

-- 
Edison Information Technologies
P.O. Box 554
Milan, OH  44846-0554
419.499.7040
www.EdisonInfo.com
[EMAIL PROTECTED]
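
Added example, not part of the original post: a small Python model of which packets the ipchains REDIRECT rule in the reply above matches, including why a destination of 255.255.255.255/0 means "any destination". The Packet type, the classify() helper and the sample packets (with the documentation address 203.0.113.10) are constructed for illustration; only the match fields on that rule line are modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


# Values taken from the rule in the reply above.
INTIF = "eth0"
INTLAN = ipaddress.ip_network("192.168.1.0/24")
# A /0 mask ignores every address bit, so 255.255.255.255/0 is the same
# network as 0.0.0.0/0: the rule matches any destination.
DEST = ipaddress.ip_network("255.255.255.255/0", strict=False)
WWW_PORT = 80          # "www" as listed in /etc/services
REDIRECT_PORT = 3128   # local port given after -j REDIRECT


def classify(pkt: Packet) -> str:
    """Return 'REDIRECT:3128' if the modelled rule matches, else 'NO-MATCH'."""
    matches = (
        pkt.iface == INTIF
        and pkt.proto == "tcp"
        and ipaddress.ip_address(pkt.src) in INTLAN
        and ipaddress.ip_address(pkt.dst) in DEST
        and pkt.dport == WWW_PORT
    )
    return f"REDIRECT:{REDIRECT_PORT}" if matches else "NO-MATCH"


# Constructed sample packets using the interfaces and subnets from the question.
SAMPLES = [
    Packet("eth0", "tcp", "192.168.1.50", "203.0.113.10", 80),   # LAN client, HTTP
    Packet("eth0", "tcp", "192.168.1.50", "203.0.113.10", 443),  # LAN client, HTTPS
    Packet("eth2", "tcp", "192.168.3.2", "203.0.113.10", 80),    # proxy box fetching
    Packet("eth0", "udp", "192.168.1.50", "203.0.113.10", 80),   # wrong protocol
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", classify(p))
```

Only the first sample is redirected; the proxy box's own port 80 requests arrive on eth2 and are left alone, so the rule does not catch the proxy's outbound fetches.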
