[email protected] wrote: > Another additional information: > > the tcrules insertion does not work out of the box > with the normal masq.... > > if you will use the masq avoiding the use of the additional > iptables line as shown in another mail you can even insert > into the masq file a line like this > > tcrules: > > 2 $FW - - - - dansguardian > > and masq: > > eth0 eth1 > eth5 - 99.33.46.25 - - - 2 > eth5 eth2 99.33.46.24 > > but this involves the problem that all the marked packets (with 2) > are masqueraded with the first address.
I thought of that solution when I posted my original reply. But, as you say, the masq rule is too general if you only want to rewrite the source IP of traffic generated by a particular user. Is it Dansguardian or Squid that is making the outgoing connections? Because Squid has the tcp_outgoing_address option which allows you to specify the IP address that squid uses for outgoing connections. If it is Dansguardian that is making the connections, does it support a similar option? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
