06.04.2011 01:43, Diego Xirinachs writes:
> DNS is already accepted in my shorewall rules file, here is the
> complete file, I don't know why I didn't post it complete earlier.
> REDIRECT loc 3128 tcp www -
> ACCEPT $FW net tcp www
> ACCEPT $FW loc icmp
> ACCEPT $FW net icmp
#################################################
Here is your mistake! The first rule is evaluated first.
You try to REDIRECT www packets from the firewall to port 3128, but you have
no www packets on your firewall if (as I understand it) your policy is DROP.
Try in this order:
first rule: ACCEPT $FW net tcp www
second rule: REDIRECT loc 3128 tcp www -
This is the example from the documentation at www.shorewall.net
> As you can see, DNS is already there also. Any other tips?
> @nikolay: Really? More complicated than iptables? I find it easy to
> configure access rules here; the only problem I have had is this one. With
> iptables I tried to get the transparent proxy working but couldn't (I
> got the full command and ran it, it didn't do anything). I tried with the
> following commands
I can explain it but not now.
> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
> iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
Are you sure that SQUID requires nat?
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t filter -A FORWARD -i eth0 -p tcp --dport 80 -j DROP
And you should remember that THE ORDER of the rules is SIGNIFICANT!
Sorry for my English... now it's time to sleep....
> eth0 is my LAN and eth1 is connected to the internet. The IP address is
> just for the example; my internal network uses a different range than
> that one.
> I would really like to get this working but I have no idea what's
> wrong; I'm sure this kind of issue is one of those wtf problems that
> can be solved with a simple solution.
> Hope it helps and thanks again.
> 2011/4/5 Николай Федосов <[email protected]>
>> My proposal is to change the order of your rules...
>> But the true way is to: apt-get purge shorewall (it is very
>> complicated, more complicated than iptables)
>> 05.04.2011 13:29, Diego Xirinachs writes:
>>> My /etc/shorewall/rules are set up with these ACCEPT and REDIRECT rules:
>>>
>>> #ACTION   SOURCE  DEST  PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
>>> REDIRECT  loc     3128  tcp    www           -
>>>
>>> ACCEPT    $FW     net   tcp    www
> --
> ubuntu-server mailing list
> [email protected]
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
> --
> X1R1
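The transparent-proxy setup argued over in this thread, written out as a complete ruleset in iptables-restore format. This is an added example, not code from either participant. It assumes Squid runs on the firewall itself, that eth0 is the LAN and eth1 the WAN as Diego describes, and it takes the LAN prefix (192.168.0.0/24 here, a placeholder) and the Squid port as arguments. Besides the REDIRECT and the FORWARD drop from Nikolay's reply it adds the INPUT rule that lets redirected connections actually reach Squid (they terminate on the firewall, so a DROP input policy would otherwise swallow them), an exemption for LAN-internal web traffic that has to sit ahead of the REDIRECT, and a small check that the order is right, since the rule order is the point being made above:

```shell
#!/bin/sh
# gen_proxy_rules: emit an iptables-restore ruleset that sends LAN web
# traffic through a Squid instance running on the firewall itself.
# Added example (not from the thread); interface names, the LAN prefix
# and the proxy port are assumptions passed in as arguments.
#   $1 LAN interface   (e.g. eth0)
#   $2 WAN interface   (e.g. eth1)
#   $3 LAN prefix      (e.g. 192.168.0.0/24); web traffic to it is not proxied
#   $4 Squid port      (e.g. 3128)
gen_proxy_rules() {
    lan=$1; wan=$2; lannet=$3; port=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Exemption first: HTTP to hosts inside the LAN must not be redirected.
# Rules are matched top-down, so this line has to precede the redirect.
-A PREROUTING -i $lan -d $lannet -p tcp --dport 80 -j RETURN
# Everything else from the LAN to port 80 goes to Squid on this box.
# PREROUTING only sees packets arriving on an interface, so Squid's own
# outbound fetches (locally generated, OUTPUT chain) are never looped back.
-A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-ports $port
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Redirected connections now terminate locally: open the Squid port, but
# only towards the LAN interface, never towards the WAN.
-A INPUT -i $lan -p tcp --dport $port -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Port 80 that still reaches FORWARD bypassed the redirect (e.g. a typo in
# the nat rule); drop it rather than let clients skip the proxy.
-A FORWARD -i $lan -o $wan -p tcp --dport 80 -j DROP
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# check_nat_order: read a ruleset on stdin and return 1 when the LAN
# exemption (-j RETURN) does not come before the REDIRECT in the nat table.
check_nat_order() {
    awk '
        /^\*/                                  { table = $1 }
        table == "*nat" && /^-A .*-j RETURN/   && !r { r = NR }
        table == "*nat" && /^-A .*-j REDIRECT/ && !d { d = NR }
        END { exit !(r && d && r < d) }
    '
}

# Print the ruleset so it can be reviewed before loading it.
gen_proxy_rules eth0 eth1 192.168.0.0/24 3128
```

Load it as root with `gen_proxy_rules eth0 eth1 192.168.0.0/24 3128 | iptables-restore` once `check_nat_order` passes. Squid must also be told that the connections are intercepted (`http_port 3128 transparent` on Squid 2.x, `http_port 3128 intercept` on Squid 3.1 and later); without that it answers redirected requests with an error page instead of proxying them, which looks exactly like "the rules do nothing".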