Tom Eastep pisze: > I rather doubt that rule is what you want. It will redirect port 80 to > local port 8081 EXCEPT IF THEY ARE SENT BY 10.0.0.0/9. > I will redirect only 10.128.0.0/9 network to dansguardian/proxy with ntlm authentication. > When you show us a few rules out of context, we really cannot tell if > they are 'good' or not. > >
I enclose my rules: #SSH SSH/ACCEPT loc $FW #PING Ping/ACCEPT loc $FW Ping/ACCEPT net $FW ACCEPT $FW loc icmp ACCEPT $FW net icmp #SAMBA SMB/ACCEPT $FW loc SMB/ACCEPT loc $FW #DNS DNS/ACCEPT loc $FW DNS/ACCEPT $FW loc DNS/ACCEPT $FW net #SSH SSH/ACCEPT net $FW #SQUID & DANSGUARDIAN HTTP/ACCEPT $FW net REDIRECT loc:!10.0.0.0/9 8081 tcp 80 - DROP net $FW tcp 8081 DROP net $FW tcp 8080 #HTTP HTTP/ACCEPT net $FW HTTP/ACCEPT loc $FW #HTTPS HTTPS/ACCEPT loc $FW HTTPS/ACCEPT net $FW #SMTP SMTP/ACCEPT net $FW SMTP/ACCEPT loc $FW #POP POP3/ACCEPT net $FW POP3/ACCEPT loc $FW #IMAP IMAP/ACCEPT net $FW IMAP/ACCEPT loc $FW #IMAP SSL IMAPS/ACCEPT net $FW IMAPS/ACCEPT loc $FW #POP3S POP3S/ACCEPT net $FW POP3S/ACCEPT loc $FW #TFTP ACCEPT $FW loc udp 69 ACCEPT loc $FW udp 69 Thanks for help! ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
