On 8/19/2015 4:02 AM, Brian J. Murrell wrote:
> Hi Tom,
>
> I'm running shorewall 4.6.11.1 on Fedora 22 as a master for a router
> running shorewall-lite. I'm doing transparent proxying per
> http://shorewall.net/Shorewall_Squid_Usage.html#Local.
>
> I have a providers entry of:
>
> Squid 3 0x400 - br-lan 10.75.22.247 loose,notrack
>
> And a mangle entry of:
>
> MARK(0x400):P br-lan:!10.75.22.3,10.75.22.247 0.0.0.0/0 tcp 80
> MARK(0x400):P br-guest:!10.75.22.3,10.75.22.247 0.0.0.0/0 tcp 80
> ...
> But I end up with a tcpre (and ~excl0 and ~excl1) looking like:
> in the tcpre table should not be there, right?
>
> Also, I notice that transparent proxying adds a route to the main
> routing table such as:
>
> 10.75.22.247 dev br-lan scope link src 10.75.22.253
>
> I'm curious why that is needed.
>
> But also, I notice that if you change the providers entry to a
> different IP address and then do a "shorewall reload" the above routing
> table entry for the old IP address is not removed from the main routing
> table.

Hi Brian,

Please send me a tarball of your configuration.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
