Regarding a captive portal using Shorewall,
I have a problem with sub-zones.

In file "zones", I create "zone1" and "zone2".

In "policy" I DROP all.

In "rules" I have, in summary:
redirect zone1 8080 tcp 80 -
redirect zone1 8080 tcp 3128 -

accept zone2 wan tcp 80 -
redirect zone2 3128 tcp 80 -

This is to redirect "http" and "proxy" access
to a login.cgi page on a thttpd server
running on port 8080.

In file "hosts", I have:
zone1 eth2:
zone2 eth2:

And in file "started", I have:
shorewall add eth2: zone1
shorewall add eth2: zone1
shorewall add eth2: zone1
shorewall add eth2: zone1
shorewall add eth2: zone2

The process of adding all these IPs to the zones
is very slow.

I needed to do this because, when a user
logs in, I need to shorewall delete the user from
zone1, and I need to shorewall add the user
to zone2.

I tried to use this in file "hosts":
zone1 eth2:
zone2 eth2:

In this case, I only need to add or
delete the user in zone2.

But in this case, there is a conflict
in the logic of the rules when the user is
using the proxy.

The system sees the rule to accept zone2
tcp 3128, but the system sees the rule
to redirect zone1 3128 --> 8080.

And with the last "hosts" file, the user
will be in 2 zones, 1 and 2.

I tried to use ACCEPT+ zone2 all tcp 3128 -

But something is configured such that this "ACCEPT+"
is not ignored by the "REDIRECT zone1" rule.

I tried to use shorewall-perl, but it shows
errors in /var/lib/shorewall/.start

And I tried to understand "sub-zones",
but found no docs to read.

How can I solve this problem with
ACCEPT+ zone2 and REDIRECT zone1,
using the proxy port?

Thank you
