Fabio Correa wrote: > This works if the squid and shorewall are in the same machine, i not sure if > is that case.
We basically don't have enough information here -- a) If Stacker's users are accessing the internet directly now, how does adding the rule disrupt them if, as claimed, the rule does nothing? b) As Fabio says, we're assuming that Squid is running on the Shorewall box. But even if it isn't, that wouldn't cause the users to "try to go directly to the por (SIC) 80 using the default gateway". So I suspect that the rule is working and Squid is not. Because: - In 90% of cases where transparent proxy doesn't work, it is the Squid configuration that is wrong, not Shorewall. - In 9% of the cases, the user forgot to enable port 80 from fw->net even though that is carefully documented at http://www.shorewall.net/Shorewall_Squid_Usage.html - In the other 1%, the user is astonished to learn that HTTPS cannot be transparently proxied. -Tom -- Tom Eastep \ The ultimate result of shielding men from the Shoreline, \ effects of folly is to fill the world with fools. Washington, USA \ -Herbert Spencer http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
