Ian wrote: > > Please allow me to have another go at this. > > So I want to be able to point my browser at my proxy ($FW, port 8080) > to get Internet, but still be able to get local http ($FW, port 80). > I tried this in my rules:
> REDIRECT loc 80 tcp 8080 - 192.168.1.1 > This redirects all traffic from 8080 to 80, not just the traffic that > whose destination is 192.168.1.1. That is, all Internet traffic gets > redirected to port 80 on the firewall Of course -- the firewall is a non-transparent proxy so all traffic to port 8080 is addressed to the firewall (192.168.1.1) > I can't see anything in REDIRECT that can be used to redirect local > (loc) traffic, but not Internet (net) traffic. Should I be using > REDIRECT, or something different/completely different? A packet filter (such as Netfilter/Shorewall) cannot do what you are asking. The browsers themselves need to be configured to bypass the proxy when accessing your local web server. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
