Hey,

I wrestled quite a bit with shorewall (version 3.0.4) lately to get something to work which I expected to be fairly trivial. Most likely it really is, but I just can't figure it out.

Consider the following scenario: All HTTP(S) traffic from a local machine should be routed through an SSH tunnel to a remote (squid) proxy. The SSH tunnel locally listens on port 3128. That's also the port on which everything ends up on the remote machine (shouldn't matter though?!). The setup works as long as I configure client programs manually to use this proxy (localhost:3128), but I'd love to have a transparent proxy (i.e. the clients don't know anything about it).

I thought it was just a matter of redirecting any outgoing request to port 80 resp. 443 to 127.0.0.1:3128, but either that's not the way to go or I am not able to set those redirects up properly :) I managed to redirect the request to the remote proxy (via SSH tunnel); however, the original hostname seems to get lost along the way, since I only receive errors from the proxy. The squid logs show something like

    1160238209.322 342 127.0.0.1 TCP_DENIED/400 1574 GET /rss/newsonline_world_edition/front_page/rss.xml - NONE/- text/html

as opposed to the expected

    1160237922.254 362 127.0.0.1 TCP_REFRESH_MISS/200 16428 GET http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml - DIRECT/212.58.226.8 application/xml

My shorewall rules file looks like this:

    ACCEPT    $FW    net:remote-host    tcp    22
    # Redirect HTTP requests to local tunnel to proxy
    REDIRECT  $FW    3128               tcp    80
    ACCEPT    $FW    net:127.0.0.1      tcp    3128

The policy file arranges for everything besides $FW to $FW to be dropped.

Yes, my understanding of shorewall and iptables unfortunately is pretty limited. I hope that somebody here can give me a nod in the right direction; surely there must be a setup like this out there?!

Regards,
Niels
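The two squid log lines quoted in the post differ in the form of the request target: the redirected client sent a path-only `GET /rss/...` (the hostname travels only in the Host header), while a proxy-configured client sends the full `http://` URL. The following is an added example, not part of the original post, that parses squid native access.log lines and flags requests that reached the proxy in path-only form; the function names are hypothetical and the sample lines are the two from the post.

```python
import re
from typing import NamedTuple, Optional

# Squid native access.log: time elapsed client code/status bytes method URL ident hier/peer type
LINE_RE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+[A-Z_]+/\S+\s+\S+$"
)
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

class Entry(NamedTuple):
    client: str
    code: str
    status: int
    method: str
    url: str
    form: str  # "absolute", "origin", "authority" or "other"

def target_form(method: str, url: str) -> str:
    """Classify the request target the way the proxy received it."""
    if method == "CONNECT":
        return "authority"      # host:port, used for HTTPS tunnels
    if SCHEME_RE.match(url):
        return "absolute"       # what a proxy-aware client sends
    if url.startswith("/"):
        return "origin"         # what a client sends to a web server
    return "other"

def parse(line: str) -> Optional[Entry]:
    """Parse one access.log line; return None if it is not in native format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["client"], m["code"], int(m["status"]), m["method"], m["url"],
                 target_form(m["method"], m["url"]))

def find_origin_form(lines):
    """Return entries that reached the proxy with a path-only target."""
    parsed = (parse(l) for l in lines)
    return [e for e in parsed if e is not None and e.form == "origin"]

# The two log lines quoted in the post.
POST_LINES = [
    "1160238209.322 342 127.0.0.1 TCP_DENIED/400 1574 GET /rss/newsonline_world_edition/front_page/rss.xml - NONE/- text/html",
    "1160237922.254 362 127.0.0.1 TCP_REFRESH_MISS/200 16428 GET http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml - DIRECT/212.58.226.8 application/xml",
]

if __name__ == "__main__":
    for e in find_origin_form(POST_LINES):
        print(f"{e.code}/{e.status} {e.method} {e.url}: host not in request line")
```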
