________________________________
From: Tom Eastep <[email protected]>
>
> Configure Squid for TPROXY on port 3129:
>
> http_port 3129 tproxy

I already did. My squid configuration contains the following:

http_port 3129 tproxy
https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem

In fact, in my mangle file I have:

DIVERT $IF_WAN $PROXY_SOURCE_WAN tcp - 80
TPROXY(3129) $IF_LAN:$PROXY_SOURCE_WAN $PROXY_DESTINATION_WAN tcp 80
DIVERT $IF_WAN $PROXY_SOURCE_WAN tcp - 443
TPROXY(3130) $IF_LAN:$PROXY_SOURCE_WAN $PROXY_DESTINATION_WAN tcp 443
DIVERT $IF_WAN $PROXY_SOURCE_WAN_DMZ tcp - 80
TPROXY(3129) $IF_DMZ:$PROXY_SOURCE_WAN_DMZ $PROXY_DESTINATION_WAN_DMZ tcp 80
DIVERT $IF_WAN $PROXY_SOURCE_WAN_DMZ tcp - 443
TPROXY(3130) $IF_DMZ:$PROXY_SOURCE_WAN_DMZ $PROXY_DESTINATION_WAN_DMZ tcp 443

Clients behind $IF_LAN are successfully proxied. Clients behind $IF_DMZ are not.

Vieri
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users