> -----Original Message-----
> From: Tom Eastep [mailto:[email protected]]
> Sent: Monday, 24 December 2012 12:55 p.m.
> To: [email protected]
> Subject: Re: [Shorewall-users] shorewall6 seems to be ignoring tproxy
>
> On 12/23/2012 08:42 PM, Steve Wray wrote:
> >
> >> Do you see the obvious problem with this rule from your dump output?
> >> Chain PREROUTING (policy ACCEPT 1361 packets, 464K bytes)
> >> pkts bytes target prot opt in out source
> >> destination
> >> 1361 464K tcpre all * * ::/0 ::/0
> >> 0 0 divert tcp he-ipv6 * ::/0
> >> ::/128 tcp spt:80flags:! 0x17/0x02 socket --transparent
> >> 0 0 TPROXY tcp eth1 * ::/0
> >> ::/128 tcp dpt:80 TPROXY redirect :::3128 mark 0x200/0x200
> >
> >> Look at the destination column. That is the all-zero address.
> >
> >> That goes back to your tcrules:
> >
> >> TPROXY(3128,::1) eth1 :: tcp 80
> >
> > Yes I see this.
> >
> > But I don't know how this tcpre rule gets there. I don't think that I
> > explicitly request it in my shorewall6 configuration.
> >
> > My tcrules file contains only
> >
> > FORMAT 2
> >
> > DIVERT he-ipv6 :: tcp - 80
> >
> > TPROXY(3128) eth1 :: tcp 80
> >
>
> And that is WRONG!
>
> >
> > Which is exactly as suggested in the documentation.
> >
> > http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY
> >
> > and so far as I can tell I'm following this very closely.
> >
>
> No! That documentation uses 0.0.0.0/0 in the DEST column. The IPv6
> equivalent is ::/0 -- you have coded :: which is ::/128.

aahhhhh

You have helped me better understand Shorewall AND ipv6 :)

I'd assumed that :: was the equivalent of 0.0.0.0/0

Awesome, thank you so much!

> > So Shorewall6 must be inferring that I want this rule.
> >
>
> No -- Shorewall6 is doing exactly what you are asking it to do.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net
> \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
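
An added example, not part of the original thread and not Shorewall code: a small Python check that reads tcrules-style lines and flags SOURCE or DEST entries written as a bare `::`, which denotes ::/128 and not ::/0. The column positions (ACTION, SOURCE, DEST), the function names and the corrected fourth sample rule are assumptions for illustration; fields are assumed to be plain addresses, networks or interface names.

```python
import ipaddress

# Constructed sample: the two rules quoted in the thread plus a corrected rule.
SAMPLE_TCRULES = """\
FORMAT 2
DIVERT he-ipv6 :: tcp - 80
TPROXY(3128) eth1 :: tcp 80
TPROXY(3128) eth1 ::/0 tcp 80
"""


def effective_network(field):
    """Return the IPv6 network a field denotes, or None for non-address
    fields such as interface names or '-'. A bare address becomes a /128."""
    try:
        return ipaddress.IPv6Network(field, strict=False)
    except ValueError:
        return None


def matches(field, addr):
    """True if addr falls inside the network that field denotes."""
    net = effective_network(field)
    return net is not None and ipaddress.IPv6Address(addr) in net


def lint_tcrules(text):
    """Return (line_no, column, field, network) for every SOURCE/DEST entry
    that is the all-zero address with a /128 prefix (matches no real host)."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()  # drop trailing comments
        if len(cols) < 3:                     # FORMAT line, blank line, etc.
            continue
        for name, field in (("SOURCE", cols[1]), ("DEST", cols[2])):
            net = effective_network(field)
            if (net is not None and net.prefixlen == 128
                    and net.network_address.is_unspecified):
                findings.append((no, name, field, str(net)))
    return findings


if __name__ == "__main__":
    for no, col, field, net in lint_tcrules(SAMPLE_TCRULES):
        print(f"line {no}: {col} '{field}' is {net}; use ::/0 to match any address")
```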
