Does shorewall support a transparent proxy on a firewalled bridge? I've used the "Squid (transparent) Running on the Firewall" instructions. My squid works manually and I see

Shorewall:work_dnat:REDIRECT:IN=br0 OUT= SRC=192.168.1.86 DST=192.168.1.140 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=28881 DF PROTO=TCP SPT=2438 DPT=80

in my firewall logs, but I don't see any access in my squid logs. So it looks like it's just not sending it to the right spot.

------------------------------------------------------------------------------
PLEASE -- configure your mailer to fold your text at a reasonable width. Your post is one long line, which makes it a complete PITA to quote and respond to.

Jeff Armstrong wrote:
> Does shorewall support a transparent proxy on a firewalled bridge?

Yes. But I don't know what happens if you try to redirect traffic that is originally sent to a server on another bridge port; I suspect that such traffic may not be redirected.

> I've used the "Squid (transparent) Running on the Firewall" instructions. My squid works manually and I see
> Shorewall:work_dnat:REDIRECT:IN=br0 OUT= SRC=192.168.1.86 DST=192.168.1.140 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=28881 DF PROTO=TCP SPT=2438 DPT=80
> in my firewall logs, but I don't see any access in my squid logs.

Which usually means that Squid isn't configured properly for transparent access.

> So it looks like it's just not sending it to the right spot.

That is not a valid conclusion.

------------------------------------------------------------------------------
Shorewall Guy wrote:
> PLEASE -- configure your mailer to fold your text at a reasonable width.
> Your post is one long line, which makes it a complete PITA to quote and
> respond to.

To everyone using Thunderbird who becomes annoyed with replying to posts formatted as Jeff's was, I just received a tip on IRC: Edit->Rewrap will rewrap the post to your current wrap width.

------------------------------------------------------------------------------
Jeff Armstrong wrote:
> Does shorewall support a transparent proxy on a firewalled bridge? I've used the "Squid (transparent) Running on the Firewall" instructions. My squid works manually and I see
> Shorewall:work_dnat:REDIRECT:IN=br0 OUT= SRC=192.168.1.86 DST=192.168.1.140 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=28881 DF PROTO=TCP SPT=2438 DPT=80
> in my firewall logs, but I don't see any access in my squid logs. So it looks like it's just not sending it to the right spot.

Sure it does; it seems that your squid config is not right. Here is my shorewall log to compare against yours:

Dec 30 13:20:08 mails kernel: Shorewall:loc_dnat:REDIRECT:IN=br0 OUT= PHYSIN=vlan3 MAC=00:18:71:ec:93:5e:00:18:de:0d:78:39:08:00 SRC=10.176.113.100 DST=64.233.183.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45753 DF PROTO=TCP SPT=60093 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

Harry.

And don't forget:

REDIRECT:$LOG    loc    $PRXPORT    tcp    www    -    !10.51.252.254,10.176.113.254

------------------------------------------------------------------------------
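The two kernel log lines in this thread share one format (Shorewall chain, target, then netfilter KEY=VALUE fields and bare flags such as DF and SYN), and Harry's rule relies on the ORIGINAL DEST column ("!10.51.252.254,10.176.113.254") to keep selected destinations out of the redirect. The script below is an added example, not code from the thread or from the Shorewall project: it parses such log lines, checks each logged REDIRECT against a rule's ORIGINAL DEST column (a logged REDIRECT whose destination the rule excludes means the loaded ruleset is not the one you think it is), and flags events whose destination sits in the source's own subnet, the local-server case the first reply was unsure about on a bridge. The sample log lines are constructed from the two quoted in the thread plus one invented mismatch; the /24 prefix used for the same-subnet check is an assumption.

```python
"""Parse Shorewall REDIRECT kernel log lines and check them against a
rule's ORIGINAL DEST column.  Added example; not from the thread."""
import ipaddress
import re

# Constructed sample input, modelled on the two log lines quoted in the thread.
# The third line is invented: a REDIRECT to a destination Harry's rule excludes.
SAMPLE_LOG = """\
Dec 30 13:19:55 fw kernel: Shorewall:work_dnat:REDIRECT:IN=br0 OUT= SRC=192.168.1.86 DST=192.168.1.140 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=28881 DF PROTO=TCP SPT=2438 DPT=80
Dec 30 13:20:08 mails kernel: Shorewall:loc_dnat:REDIRECT:IN=br0 OUT= PHYSIN=vlan3 MAC=00:18:71:ec:93:5e:00:18:de:0d:78:39:08:00 SRC=10.176.113.100 DST=64.233.183.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45753 DF PROTO=TCP SPT=60093 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 30 13:21:41 mails kernel: Shorewall:loc_dnat:REDIRECT:IN=br0 OUT= PHYSIN=vlan3 SRC=10.176.113.100 DST=10.176.113.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45754 DF PROTO=TCP SPT=60094 DPT=80 SYN URGP=0
"""

# The ORIGINAL DEST column of Harry's rule, as quoted in the thread.
ORIGINAL_DEST = "!10.51.252.254,10.176.113.254"

# Shorewall log prefix: "Shorewall:<chain>:<target>:" followed by netfilter fields.
LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<target>[^:]+):(?P<fields>.*)$")


def parse_line(line):
    """Return a dict of the logged fields, or None if the line is not a Shorewall log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    event = {"chain": m.group("chain"), "target": m.group("target"), "flags": []}
    for token in m.group("fields").split():
        if "=" in token:
            key, _, value = token.partition("=")
            event[key] = value            # "OUT=" legitimately yields an empty string
        else:
            event["flags"].append(token)  # DF, SYN, ... carry no value
    return event


def parse_original_dest(column):
    """ORIGINAL DEST column: comma-separated hosts/nets, negated by a leading '!'."""
    negated = column.startswith("!")
    hosts = column.lstrip("!")
    nets = [ipaddress.ip_network(h, strict=False) for h in hosts.split(",") if h]
    return negated, nets


def rule_matches(event, original_dest, dport="80"):
    """Would a REDIRECT rule for tcp/<dport> with this ORIGINAL DEST match the packet?
    'www' in the rule is port 80; hard-coded here rather than read from /etc/services."""
    if event.get("PROTO") != "TCP" or event.get("DPT") != dport:
        return False
    negated, nets = parse_original_dest(original_dest)
    dst = ipaddress.ip_address(event["DST"])
    in_list = any(dst in n for n in nets)
    return not in_list if negated else in_list


def dst_on_same_net(event, prefixlen=24):
    """True if DST lies in SRC's own subnet (prefix length is an assumption)."""
    src_net = ipaddress.ip_network(f"{event['SRC']}/{prefixlen}", strict=False)
    return ipaddress.ip_address(event["DST"]) in src_net


def audit(log_text, original_dest):
    """(SRC, DST, rule_should_match) for every logged REDIRECT.  A False here means
    the packet was redirected although the rule excludes its destination."""
    results = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["target"] == "REDIRECT":
            results.append((ev["SRC"], ev["DST"], rule_matches(ev, original_dest)))
    return results


if __name__ == "__main__":
    for src, dst, ok in audit(SAMPLE_LOG, ORIGINAL_DEST):
        print(f"{src} -> {dst}: {'consistent with rule' if ok else 'EXCLUDED by rule, yet redirected'}")
```

Run against a real syslog extract, a REDIRECT entry that the rule should have excluded points at the firewall running an older ruleset than the one in /etc/shorewall/rules; a destination in the client's own subnet (Jeff's 192.168.1.86 to 192.168.1.140 is one) is the bridge case the reply above was unsure about, and is worth testing separately from Internet-bound traffic.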