Another (important detail) : Setup is working when client node try to reach a web server located in netB but not for an internet web server…. routefilter=0 and logmartians=0 options are set for FW interface on netB
Thanks Christophe Le 26 juil. 2013 à 09:52, Christophe Ségui <[email protected]> a écrit : > Hi list, > > I'm using shorewall 4.5.5 on debian stable. > > i'm having some issue to set up transparent proxy. Setup is quite complex. > > > > Provider A Provider B > \ / > \ / > \ / > \ / > FW > / ---------| \ > / \ > Bridge Net B > / \ > NetC NetD > > > Nodes on NetD should access net through proxy located on NetB. I've setted up > a config as described in > http://www.shorewall.net/Shorewall_Squid_Usage.html#idp114696 > > I've two different providers. I've added a marking rule, setted up PRIORITY > in order to get fwmark used first (before rules defined in rtrules). > > Here is the issue : > Packet sent to net by nodes on NetD get correctly marked, so get routed to > proxy on NetB which handle request. Packe come back to firewall interface > through NetB and stop there (src IP is the requested IP (eg www.google.com), > dest IP is the NetD node which has made http request according to tcpdump). > Although tcpdump shows up the packet, no Shorewall log about this last > incoming packet. > > Traffic from NetB is authorized to access NetD (no ip source or dest check)…. > > > Any clue on what maybe wrong? > > > Thanks > Christophe > > > > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk_______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
