BTW. I believe using squid as non transparent is not want you want to do. Of course non transparent gives you some great benefits such as authentication and using squid for https as well but the disadvantage is that you have to provide proxy information manually to each client or maybe by GPO.
You should visit squid-cache.org - there is a great compare sheet between transparent and non-transparent. We have two scenarios up and running in our company. One with shorewall and transparent proxy and another one with non-transparent proxy but this time clients mapped again squid directly, without shorewall. -----Ursprüngliche Nachricht----- Von: Michael Weickel - iQom Business Services GmbH [mailto:[email protected]] Gesendet: Freitag, 16. April 2010 22:53 An: 'Shorewall Users' Betreff: Re: [Shorewall-users] Redirecting trafic to another host I guess the way you have choosen is the way for using a squid on the same machine on the firewall - I believe that shorewall expets only a port rather than a server ip where you specified 192.168.1.10 I have the same scenario as you described in my local network. What will bring you to your tarket is http://www.shorewall.net/Shorewall_Squid_Usage.html Use the section where the server is in the local network. Cheers Mike -----Ursprüngliche Nachricht----- Von: Santiago Zarate [mailto:[email protected]] Gesendet: Freitag, 16. April 2010 22:41 An: [email protected] Betreff: [Shorewall-users] Redirecting trafic to another host Actually, i have a server (Which is the router and firewall, it has two ips 192.168.1.1 and 192.168.0.1), but we have another server which we want to use as Proxy (Its ip is 192.168.1.10) . Problem is that when i come with: REDIRECT loc:192.168.1.0/16 192.168.1.10:3128 tcp 3128 but Shorewall always replies with: ERROR: REDIRECT rules cannot specify a server IP; rule: "REDIRECT loc:192.168.1.0/16 192.168.1.10:3128 tcp 3128" Anyone can give me a hint? i havent found anything on google neither the mailing list's archives nor the official docs... tough i have another solution which involves changing ips (We dont use transparent proxy here)... i would really like to solve this... ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
