Here is my firewall configuration. Now the REDIRECT rule is activated in status.txt

eth0: 192.168.0.254 (wan - connected to ADSL)
eth1: 172.16.1.254 (lan)
tap0: 192.168.99.1 openvpn

zones:
fw firewall
net ipv4
loc ipv4
vpn ipv4

interfaces:
net eth0 detect
loc eth1 detect
vpn tap0

masq:
eth0 eth1
eth1 eth0

Squid is running on port 8080.

In messages I see:

Oct 8 19:48:25 farroupilha kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=172.16.1.1 DST=65.77.157.50 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=20577 DF PROTO=TCP SPT=1232 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

Many thanks to all.

Stacker

-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 8, 2008 17:44
To: Shorewall Users
Subject: Re: [Shorewall-users] RES: RES: transparent proxy

Fabio Correa wrote:
> This works if the squid and shorewall are in the same machine, I am not
> sure if that is the case.

We basically don't have enough information here --

a) If Stacker's users are accessing the internet directly now, how does adding the rule disrupt them if, as claimed, the rule does nothing?

b) As Fabio says, we're assuming that Squid is running on the Shorewall box. But even if it isn't, that wouldn't cause the users to "try to go directly to the por (SIC) 80 using the default gateway".

So I suspect that the rule is working and Squid is not. Because:

- In 90% of cases where transparent proxy doesn't work, it is the Squid configuration that is wrong, not Shorewall.
- In 9% of the cases, the user forgot to enable port 80 from fw->net even though that is carefully documented at http://www.shorewall.net/Shorewall_Squid_Usage.html
- In the other 1%, the user is astonished to learn that HTTPS cannot be transparently proxied.

-Tom
--
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \ -Herbert Spencer
http://shorewall.net \________________________________________________
status.txt.gz
Description: Binary data
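
Added example, not part of the original message or of Shorewall itself: a small parser for the kernel log line quoted in the post, which maps the IN/OUT interfaces to the zones listed in the post's interfaces file. The function names are hypothetical, and the prefix layout (Shorewall:chain:disposition:) is assumed from that one line.

```python
import re

# Interface-to-zone map as given in the post's "interfaces" listing.
ZONES = {"eth0": "net", "eth1": "loc", "tap0": "vpn"}

# Log line copied from the post.
SAMPLE = ("Oct 8 19:48:25 farroupilha kernel: Shorewall:FORWARD:REJECT:IN=eth0 "
          "OUT=eth0 SRC=172.16.1.1 DST=65.77.157.50 LEN=48 TOS=0x00 PREC=0x00 "
          "TTL=127 ID=20577 DF PROTO=TCP SPT=1232 DPT=80 WINDOW=65535 RES=0x00 "
          "SYN URGP=0")

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)$")


def parse_shorewall_log(line):
    """Split a Shorewall log line into chain, disposition, fields and flags."""
    m = PREFIX.search(line)
    if m is None:
        return None  # not a Shorewall-prefixed netfilter log line
    fields, flags = {}, []
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # KEY=value pairs; IN= or OUT= may be empty
        else:
            flags.append(token)      # bare flags such as DF or SYN
    return {"chain": m.group("chain"), "disposition": m.group("disp"),
            "fields": fields, "flags": flags}


def zone_of(iface, zones=ZONES):
    """An empty interface means the firewall itself (zone fw)."""
    return "fw" if iface == "" else zones.get(iface, "unknown")


def summarize(line):
    """Return the facts needed to read the log entry at a glance."""
    rec = parse_shorewall_log(line)
    if rec is None:
        return None
    f = rec["fields"]
    return {
        "chain": rec["chain"],
        "disposition": rec["disposition"],
        "path": zone_of(f.get("IN", "")) + "->" + zone_of(f.get("OUT", "")),
        "flow": "%s:%s -> %s:%s/%s" % (f.get("SRC"), f.get("SPT"), f.get("DST"),
                                       f.get("DPT"), f.get("PROTO")),
        "initial_syn": "SYN" in rec["flags"],
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the quoted line this reports chain FORWARD, disposition REJECT and path net->net for a TCP SYN to port 80, that is, the packet was logged while being forwarded between interfaces, not while being delivered to a local port.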
