On 12/21/2012 02:04 AM, Steve Wray wrote: > > interfaces: > > - lo - - > > dmz eth3 detect tcpflags,forward=1,nosmurfs > lan eth0 detect tcpflags,forward=1,nosmurfs > out he-ipv6 detect tcpflags,forward=1,nosmurfs > virt eth1 detect tcpflags,forward=1,nosmurfs > virt2 eth4 detect tcpflags,forward=1,nosmurfs > > zones: > > fw firewall > dmz ipv6 > lan ipv6 > out ipv6 > virt ipv6 > virt2 ipv6 > > tcrules: > > FORMAT 2 > DIVERT he-ipv6 :: tcp - 80 > TPROXY(3128,::1) eth1 :: tcp 80 > #TPROXY(3128) eth1 :: tcp 80 > > # Neither of the above lines work
Is Squid really listining on port 3128 for IPv6 TPROXY? That's normally the intercept port (for REDIRECT) and 3129 is used for TPROXY. If that isn't the issue, please forward the output of 'shorewall6 dump' as a compressed attachment. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
