Old rule with squid as transparent proxy:

>> REDIRECT loc 3128 tcp 80
>
> Glad you got it to go, the above appeared before the new dan's rule,
> correct? First rule match wins in the rules file.

Yes, it did.

>> This needed to be changed as follows, in order to redirect dansguardian
>> --> squid:
>>
>> REDIRECT loc 3128 tcp 8080
>
> This looks a little bogus to me, the dan's -> squid traffic is local to
> the firewall, is in the zone "fw", and should occur over the loopback
> interface. This will catch clients trying to use squid directly and
> force them to use dansguardian, so it's not a bad thing. FWIW, you could
> bind squid to the loopback only and then none of the lan clients could
> contact squid directly. Does it work if you leave this redirect out?
> It should, unless the browser has proxy settings in it.

As it turns out, it was redundant, as squid was already bound to loopback
only. The important rule was, of course:

>> Then, I needed to redirect requests on port 80 --> dansguardian:
>>
>> REDIRECT loc 8080 tcp 80
>
> That one makes sense to me.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
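
The first-match-wins point from the thread, as an added example that is not part of the original message or of Shorewall: a small Python check that reads REDIRECT lines in the column order quoted above and reports when LAN web traffic would miss dansguardian. The function names, the FILTER_PORT constant and the two sample rules files are constructed for illustration, and only numeric ports are handled.

```python
# Added example: models only REDIRECT lines as quoted in the thread.
# Columns: ACTION SOURCE DEST PROTO DEST_PORT, where DEST of a REDIRECT
# is the local port on the firewall that the connection is sent to.

FILTER_PORT = 8080  # dansguardian's port, per the thread


def parse_rules(text):
    """Return REDIRECT rules in file order, skipping blanks and comments."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] == "REDIRECT":
            _, source, to_port, proto, dport = fields[:5]
            rules.append((source, int(to_port), proto, int(dport)))
    return rules


def local_port_for(rules, zone, proto, dport):
    """First matching rule wins; None means the packet is not redirected."""
    for source, to_port, rule_proto, rule_dport in rules:
        if (source, rule_proto, rule_dport) == (zone, proto, dport):
            return to_port
    return None


def audit(text, zone="loc"):
    """List the ways web traffic from `zone` misses the content filter."""
    rules = parse_rules(text)
    findings = []
    landed = local_port_for(rules, zone, "tcp", 80)
    if landed != FILTER_PORT:
        findings.append(f"{zone} tcp/80 lands on {landed}, not the filter")
    for source, to_port, proto, dport in rules:
        winner = local_port_for(rules, zone, proto, dport)
        if source == zone and to_port == FILTER_PORT and winner != FILTER_PORT:
            findings.append(f"rule {zone} {to_port} {proto} {dport} is shadowed")
    return findings


# Constructed rules files: the old squid rule left above the new one,
# and the final rule set described in the thread.
STALE = "REDIRECT loc 3128 tcp 80\nREDIRECT loc 8080 tcp 80\n"
FINAL = "# squid bound to loopback only\nREDIRECT loc 8080 tcp 80\n"

if __name__ == "__main__":
    print(audit(STALE))
    print(audit(FINAL))
```

With the stale file the check reports both that port 80 lands on 3128 and that the dansguardian rule is shadowed; the final file produces no findings.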
