Thanks for getting back to me. The squid config has:

http_port 3128 tproxy
http_port 3129 transparent

netstat shows:

tcp        0      0 0.0.0.0:3129        0.0.0.0:*        LISTEN      -
tcp6       0      0 :::3128             :::*             LISTEN      -

I didn't realise there was a convention regarding which ports squid listens on for what.

Also, if squid wasn't listening on the port I'd set in the Shorewall config, wouldn't the web pages just completely fail to load instead of passing through to the sites?

I also notice some other odd things:

When I go to test-ipv6.com it says I'm going through a proxy:

"Your IPv6 address on the public internet appears to be 2001:xxx:x:xxx::x Proxied via: 1.1 router1.xxxx (squid/3.1.19)"

Where the IP address is correct for our ipv6 tunnel.

When I go to v6.testmyipv6.com it gives my IP address as the address of the test VM (windows 7, chrome).

When I go to ds.testmyipv6.com it gives my IP address as the address of my router.

In the case of the pure ipv6 test there is nothing in the squid log. In the case of the dual stack test there are entries in the squid log. I'm guessing that test-ipv6.com is doing a dual stack test.

Shorewall6 dump output attached.

-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Friday, 21 December 2012 11:36 p.m.
To: Shorewall Users
Subject: Re: [Shorewall-users] shorewall6 seems to be ignoring tproxy

On 12/21/2012 02:04 AM, Steve Wray wrote:
>
> interfaces:
>
> - lo - -
>
> dmz eth3 detect tcpflags,forward=1,nosmurfs
> lan eth0 detect tcpflags,forward=1,nosmurfs
> out he-ipv6 detect tcpflags,forward=1,nosmurfs
> virt eth1 detect tcpflags,forward=1,nosmurfs
> virt2 eth4 detect tcpflags,forward=1,nosmurfs
>
> zones:
>
> fw firewall
> dmz ipv6
> lan ipv6
> out ipv6
> virt ipv6
> virt2 ipv6
>
> tcrules:
>
> FORMAT 2
> DIVERT he-ipv6 :: tcp - 80
> TPROXY(3128,::1) eth1 :: tcp 80
> #TPROXY(3128) eth1 :: tcp 80
>
> # Neither of the above lines work

Is Squid really listening on port 3128 for IPv6 TPROXY? That's normally the intercept port (for REDIRECT) and 3129 is used for TPROXY.

If that isn't the issue, please forward the output of 'shorewall6 dump' as a compressed attachment.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

shorewall6.dump.gz
Description: Binary data
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
