On 07/29/2013 08:59 AM, Steve Wray wrote: > If I wanted to use a squid proxy running on the router I'd have this? > > SAME $FW - tcp > 80,443 >
You can try that -- given that applying tcrules doesn't work reliably when the source is $FW, it may or may not do what you want. I personally use ACLs to assign different hosts to different source IP addresses: acl mac src 172.20.1.145/32 172.20.1.146/32 tcp_outgoing_address 67.170.121.6 mac acl rest src 172.20.0.0/22 tcp_outgoing_address 70.90.191.121 This will still work if one of the connections is down (provided that it is not hard down). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
