Sebastian wrote: > Tom Eastep pisze: >> I rather doubt that rule is what you want. It will redirect port 80 to >> local port 8081 EXCEPT IF THEY ARE SENT BY 10.0.0.0/9. >> > I will redirect only 10.128.0.0/9 network to dansguardian/proxy with > ntlm authentication. >> When you show us a few rules out of context, we really cannot tell if >> they are 'good' or not. >> >> > > I enclose my rules: >
My point was, *I don't know what you are trying to do*. You have shown us a script that used variables which were never defined and then you ask us if your rules are okay. We can't answer that. Even seeing the output of 'shorewall dump' (which is what we prefer to look at) won't tell us if your configuration is 'correct' if we don't know what your definition of 'correct' is. My *quess* about what you want is: HTTP/ACCEPT $FW new REDIRECT loc 8081 tcp 80 - !10.0.0.0/9 That will: a) Allow your proxy to access the net (first rule) b) Redirect TCP 80 requests to local port 8081 unless they were originally addressed to 10.0.0.0/9 But that's only my guess. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
