Re: Problem with Shorewall + Squid
I think you have to...
ACCEPT 192.168.1.30
ACCEPT 127.0.0.1
DNAT loc loc:192.168.5.2 all - -
DENY priv 3128 tcp www,ftp,ftp-data - -
REDIRECT loc 3128 tcp www,ftp,ftp-data - -
REDIRECT loc 3128 udp www,ftp,ftp-data - -
REDIRECT jag 3128 tcp www,ftp,ftp-data - -
REDIRECT jag 3128 udp www,ftp,ftp-data - -
You can only use ONE IP or network per rule, i.e. you can't say "A or B"
or "A and B" where A or B may be negated by a '!'. You have to say what
to do with B, then what to do with A, if you want to say "A and !B".
Also try not to post HTML mail to lists, use text instead. :)
--- Jackson Rodrigo Braga <jbraga@placas.ind.br> wrote:
> Hi, I have a problem with shorewall
>
> I will migrate a Conectiva server to Knoppix, running Squid and Shorewall
> (in transparent proxy mode).
> In the current Shorewall configuration, there are the following lines:
>
> REDIRECT loc!priv 3128 tcp www,ftp,ftp-data - -
>
> REDIRECT loc!priv 3128 udp www,ftp,ftp-data - -
>
> REDIRECT jag!priv 3128 tcp www,ftp,ftp-data - -
>
> REDIRECT jag!priv 3128 udp www,ftp,ftp-data - -
>
> Where: "loc" and "jag" are subnets described in the zones file.
>
> "priv" is a list of "VIP users", described in the hosts file;
> they are not filtered through the proxy, and are redirected to the firewall.
> The line for this function is:
>
> DNAT loc loc:192.168.5.2 all - - !192.168.1.30,!127.0.0.1
>
> Where: 192.168.5.2 is a firewall IP and 192.168.1.30 is this server.
>
> But on Knoppix this script does not work: it accepts all connections and
> filters in Squid, but does not redirect the connections originally for the
> "priv" hosts to the firewall.
>
> Sorry, my English is terrible, but I posted the question in the Portuguese
> forum and no answer was sent to me.
>
> Jackson R. Braga
> Placas do Paraná S/A
> Informática
> Tel.: (41) 217-7221
> jbraga@placas.ind.br