llsjk wrote: > > Then I found that one could bypass the proxy by just tell the browser to > connect directly.
What does that mean? Give us an example of what you did, what you expected to happen and what actually happened. > > b. So I googled around and found the following suggestions: > > REDIRECT- $FW 3128 tcp 80 - !192.168.0.3 > > DNAT loc loc:192.168.0.3:3128 tcp www I have no idea what you are trying to do with the second rule. There should be no loc->loc traffic here. > > DROP net $FW tcp 8080 > DROP net $FW tcp 3128 > Those two forbid connections from loc->fw to ports 8080 and 3128; which means that the first redirect rule is useless. > I test all of them without success. Not suprising. > > Any suggestions from anyone would be welcomed. Again, please tell us exactly what problem you are trying to solve. > > 2. QUEUE/Authentication/Accounting. > > In the documentation I read that some people use it to control p2p. > > Would it possible to or has anybody tried it for anything else? I have > the idea to try to use it to authenticate users. Most people do that by redirecting all attempts to connect to the web to a login server. Successful login causes the ruleset to be altered to remove the redirection (or preempt it with a different redirection). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
