On 05/08/2012 08:18 AM, Vinicius R. Baenas wrote: > Yes, it working, but is balancing the providers on the Firewall > Output... I need to apply routing rules depending on the source packets > (like LAN address or IP)... > > For this reason we are trying to use TPROXY, because according to the > documentation of the SQUID and the Shorewall TROXY keeps the original > packet headers (spoofing), which in theory would allow me to use the > shorewall routing rules on tcrules according to source ... > > It's possible to create this police using shorewall and redirect without > tcp_out_going into squid.conf, using only the shorewall routing > configuration (tcrules)?
I don't see how. The original IP header is kept on the client<->Squid connection, but the outgoing connection from Squid to the net will have tcp_out_going as the source IP address. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
