On 2013-04-26 13:57:00 +0000, Tom Eastep said:

> On 4/25/13 11:31 PM, "Troy Telford" <[email protected]> wrote:
>
>> I really appreciate the clear directions on how to use TPROXY with Squid3.
>>
>> I've previously used a REDIRECT/intercept proxy, and switching to using
>> TPROXY took only a couple of minutes. (even with IPv6!)
>>
>> I do have a question, though:
>>
>> I run an Apache server on my router as well. It's only visible
>> internally, and is useful as it lets me use some of the squid log
>> tools, like SARG, to view proxy usage. Similarly, I use the apache
>> server to serve an "access denied" page from squidGuard.
>>
>> So is there a way to get around this in shorewall, or would I be forced
>> to use port 8080 (or similar) for the apache server?
>
> You need to exclude connections to your gateway's local IP address from
> TPROXY:
>
> TPROXY(3129) ethX:!<ethX ip addr> 0.0.0.0/0 tcp 8

<facepalm>Yup, that'll do it.</facepalm>

I did notice something on my network, and I think I'm missing an option:

I have several zones, and all but one are working wonderfully. The
configuration for the different zones is identical...

The zone that's not working well is the zone I've created for my LXC
containers. They're all bridged across a br0 interface, and my config is
pretty simple:

    TPROXY(3129) br0:!192.168.2.1 0.0.0.0/0 tcp 80

and the rule:

    ACCEPT lxc $FW tcp www

The LXC containers are running on the router.

Thanks!
--
Troy Telford
