On 03/22/2016 12:13 AM, Vieri Di Paola wrote:
>
>
>> On 3/21/2016 6:39 AM, Vieri Di Paola wrote:
>>> Hi,
>>>
>>> I would like to intercept http traffic ONLY to one destination and send it
>>> to Squid (test system).
>>>
>>> I'm not sure I'm writing the shorewall mangle rules correctly.
>>>
>>> I have this:
>>>
>>> DIVERT $IF_WAN 89.16.167.134/32 tcp - 80
>>> TPROXY(3129) $IF_LAN 89.16.167.134/32 tcp 80
>>>
>>> When a LAN host at 10.215.144.48 tries to connect to 89.16.167.134 it fails
>>> with a timeout (Squid timeout message).
>>
>> Snip
>>
>>>
>>> Did I misconfigure the mangle file?
>>>
>>
>> What is the output of 'shorewall show mangle' after you have attempted
>> to connect?
>
> I'm attaching the output of 'shorewall show mangle' right after the LAN host
> at 10.215.144.48 attempts connecting to 89.16.167.134 and receives a timeout
> message from squid.

Is 10.215.144.48 accessed via interface enp1s8? Remember that you must
configure a DIVERT rule for each interface that routes to servers that
the client might connect to.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users