Shorewall 2.2.2 I have transparent proxying setup to a separate proxy server on the local network, following the notes on the shorewall website for "Squid (transparent) Running in the local network", and it is working fine. I''m looking for a quick way to disable the redirecting from the firewall to the proxy for times when the proxy server may be offline. In /etc/shorewall/start I have the line: iptables -t mangle -A PREROUTING -i eth0 -s ! 10.0.0.99 -p tcp --dport 80 -j MARK --set-mark 202 My thinking is that I should issue this command: iptables -t mangle -D PREROUTING -i eth0 -s ! 10.0.0.99 -p tcp --dport 80 -j MARK --set-mark 202 on the firewall to disable the redirect ie. just delete the iptable rule that marks traffic for redirection. Am I on the right track here? Thanks, Dave ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Dave Green wrote:> Shorewall 2.2.2Time to upgrade!.> > My thinking is that I should issue this command: > iptables -t mangle -D PREROUTING -i eth0 -s ! 10.0.0.99 -p tcp --dport 80 -j > MARK --set-mark 202 > > on the firewall to disable the redirect ie. just delete the iptable rule > that marks traffic for redirection. > > Am I on the right track here?Yes. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> -----Original Message----- > From: shorewall-users-bounces@lists.sourceforge.net > [mailto:shorewall-users-bounces@lists.sourceforge.net] On > Behalf Of Tom Eastep > Sent: Wednesday, 3 October 2007 2:29 a.m. > To: Shorewall Users > Subject: Re: [Shorewall-users] Disable transparent > proxyredirection (temporarily) > > Dave Green wrote: > > Shorewall 2.2.2 > > Time to upgrade!. > > > > > My thinking is that I should issue this command: > > iptables -t mangle -D PREROUTING -i eth0 -s ! 10.0.0.99 -p > tcp --dport 80 -j > > MARK --set-mark 202 > > > > on the firewall to disable the redirect ie. just delete the > iptable rule > > that marks traffic for redirection. > > > > Am I on the right track here? > > Yes. > > -TomYes. Thanks Tom. Dave ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/