Well... Sorry for not answering earlier... Few things:
1.- We're not using squid in transparent mode (That's an order from high above... can't do anything). 2.- We have a brand new server which is going to be used for squid. Which is the 192.168.1.10. 3.- The firewall is 192.168.1.1 4.- I have to redirect all incomming traffic to host 192.168.1.1:3128 to 192.168.1.10:3128 I've tried the Dnat thingie but so far, no luck, any ideas? This is the rule i'm using (Actually 192.168.20.244 is my own laptop... but it should be only loc and not loc:192.168.20.244) DNAT loc:192.168.20.244 loc:192.168.1.10 tcp 3128 #what i have Any hints? 2010/4/16 Michael Weickel - iQom Business Services GmbH <[email protected]>: > > BTW. I believe using squid as non transparent is not want you want to do. Of > course non transparent gives you some great benefits such as authentication > and using squid for https as well but the disadvantage is that you have to > provide proxy information manually to each client or maybe by GPO. > > You should visit squid-cache.org - there is a great compare sheet between > transparent and non-transparent. > > We have two scenarios up and running in our company. One with shorewall and > transparent proxy and another one with non-transparent proxy but this time > clients mapped again squid directly, without shorewall. > > > -----Ursprüngliche Nachricht----- > Von: Michael Weickel - iQom Business Services GmbH [mailto:[email protected]] > Gesendet: Freitag, 16. April 2010 22:53 > An: 'Shorewall Users' > Betreff: Re: [Shorewall-users] Redirecting trafic to another host > > > I guess the way you have choosen is the way for using a squid on the same > machine on the firewall - I believe that shorewall expets only a port rather > than a server ip where you specified 192.168.1.10 > > I have the same scenario as you described in my local network. > > What will bring you to your tarket is > > http://www.shorewall.net/Shorewall_Squid_Usage.html > > Use the section where the server is in the local network. > > > Cheers > Mike > > -----Ursprüngliche Nachricht----- > Von: Santiago Zarate [mailto:[email protected]] > Gesendet: Freitag, 16. April 2010 22:41 > An: [email protected] > Betreff: [Shorewall-users] Redirecting trafic to another host > > Actually, i have a server (Which is the router and firewall, it has > two ips 192.168.1.1 and 192.168.0.1), but we have another server which > we want to use as Proxy (Its ip is 192.168.1.10) . > > Problem is that when i come with: > > REDIRECT loc:192.168.1.0/16 192.168.1.10:3128 tcp 3128 > > but Shorewall always replies with: > ERROR: REDIRECT rules cannot specify a server IP; rule: "REDIRECT > loc:192.168.1.0/16 192.168.1.10:3128 tcp 3128" > > Anyone can give me a hint? i havent found anything on google neither > the mailing list's archives nor the official docs... tough i have > another solution which involves changing ips (We dont use transparent > proxy here)... i would really like to solve this... > > ---------------------------------------------------------------------------- > -- > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > ---------------------------------------------------------------------------- > -- > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
