Thank you Tom... It's only method? (using tcp_outgoing_address)
Abrex Em 08-05-2012 12:36, Tom Eastep escreveu: > On 05/08/2012 08:18 AM, Vinicius R. Baenas wrote: >> Yes, it working, but is balancing the providers on the Firewall >> Output... I need to apply routing rules depending on the source packets >> (like LAN address or IP)... >> >> For this reason we are trying to use TPROXY, because according to the >> documentation of the SQUID and the Shorewall TROXY keeps the original >> packet headers (spoofing), which in theory would allow me to use the >> shorewall routing rules on tcrules according to source ... >> >> It's possible to create this police using shorewall and redirect without >> tcp_out_going into squid.conf, using only the shorewall routing >> configuration (tcrules)? > > I don't see how. The original IP header is kept on the client<->Squid > connection, but the outgoing connection from Squid to the net will have > tcp_out_going as the source IP address. > > -Tom ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
