Hi, I have the rules to use transparent proxy: REDIRECT adm 3128 tcp 80 REDIRECT tlm 3128 tcp 80 ACCEPT $FW net tcp 80 My Zones is: adm = 10.11.8.0/24 tlm = 10.21.6.0/24 lyw = 10.70.5.0/24 My policy is: adm lyw ACCEPT tlm lyw ACCEPT $FW lyw ACCEPT My problem is: When I access any web page at server on "lyw zone", I received a message from squid blocked. But, at squid configuration, all access is allowed. I want to access directly , without squid proxy. How can I make it ? Best regards, Anderson ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
You can modify REDIRECT rule: REDIRECT tlm 3128 tcp 80 - !<IP of server> That rule work in my firewalls Em 03-03-2010 04:20, Watanabe Anderson escreveu:> Hi, > I have the rules to use transparent proxy: > REDIRECT adm 3128 tcp 80 > REDIRECT tlm 3128 tcp 80 > ACCEPT $FW net tcp 80 > My Zones is: > adm = 10.11.8.0/24 > tlm = 10.21.6.0/24 > lyw = 10.70.5.0/24 > My policy is: > adm lyw ACCEPT > tlm lyw ACCEPT > $FW lyw ACCEPT > My problem is: > When I access any web page at server on "lyw zone", I received a > message from squid blocked. But, at squid configuration, all access is > allowed. > I want to access directly , without squid proxy. > How can I make it ? > Best regards, > Anderson > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
Hi, I'm using something like this: REDIRECT tlm:!$SPECIFICIP 3128 tcp www - !$SQUIDHOST so that $SPECIFICIP bypasses Squid, and requests from $SQUIDHOST aren't redirected back. -- Can Bican On Wed, Mar 3, 2010 at 1:54 PM, "José D. Grieco" <jdgrieco@ig.com.br> wrote:> You can modify REDIRECT rule: > > REDIRECT tlm 3128 tcp 80 - !<IP of server> > > That rule work in my firewalls > > Em 03-03-2010 04:20, Watanabe Anderson escreveu: > > Hi, > > > I have the rules to use transparent proxy: > > REDIRECT adm 3128 tcp 80 > REDIRECT tlm 3128 tcp 80 > ACCEPT $FW net tcp 80 > > > My Zones is: > > adm = 10.11.8.0/24 > tlm = 10.21.6.0/24 > lyw = 10.70.5.0/24 > > My policy is: > adm lyw ACCEPT > tlm lyw ACCEPT > $FW lyw ACCEPT > > > My problem is: > > When I access any web page at server on "lyw zone", I received a message > from squid blocked. But, at squid configuration, all access is allowed. > > I want to access directly , without squid proxy. > > How can I make it ? > > > > Best regards, > Anderson > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Can Bican wrote:> Hi, > > I''m using something like this: > > REDIRECT tlm:!$SPECIFICIP 3128 > tcp www - !$SQUIDHOST > > so that $SPECIFICIP bypasses Squid, and requests from $SQUIDHOST > aren''t redirected back.The above advice is incorrect. The post from Jose Greico has correct rules as does the Shorewall Squid documentation (http://www.shorewall.net/Shorewall_Squid_Usage.html). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
I don't see how my instance is different from the rule on that page,
that goes like:
REDIRECT loc:!192.168.1.5,192.168.1.33\
3128 tcp www -
!206.124.146.177,130.252.100.0/24
In my example, $SPECIFICIP and $SQUIDHOST are more less the same (I
had to mention they're supposed to be in params file), except that
both are a /32.
--
Can Bican
On Wed, Mar 3, 2010 at 4:48 PM, Tom Eastep <teastep@shorewall.net>
wrote:> Can Bican wrote:
>> Hi,
>>
>> I'm using something like this:
>>
>> REDIRECT tlm:!$SPECIFICIP 3128
>> tcp www - !$SQUIDHOST
>>
>> so that $SPECIFICIP bypasses Squid, and requests from $SQUIDHOST
>> aren't redirected back.
>
> The above advice is incorrect. The post from Jose Greico has correct
> rules as does the Shorewall Squid documentation
> (http://www.shorewall.net/Shorewall_Squid_Usage.html).
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Can Bican wrote:> I don''t see how my instance is different from the rule on that page, > that goes like: > > REDIRECT loc:!192.168.1.5,192.168.1.33\ > 3128 tcp www - > !206.124.146.177,130.252.100.0/24 > > In my example, $SPECIFICIP and $SQUIDHOST are more less the same (I > had to mention they''re supposed to be in params file), except that > both are a /32. >I understood that the OP wanted to exclude requests addressed to a particular IP range. If that is the case, then Jose''s post is much more to the point. Yours puts $SQUIDHOST in the ORIGINAL DEST column which isn''t what the OP wanted to do at all, if I understand correctly. And placing exclusions in the SOURCE column just muddies the waters. My $.02 -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
Hello all, Thanks a lot. Your help was very important. Best Regards, Watanabe Anderson -------------------------------------------------- From: "Tom Eastep" <teastep@shorewall.net> Sent: Thursday, March 04, 2010 5:44 AM To: "Shorewall Users" <shorewall-users@lists.sourceforge.net> Subject: Re: [Shorewall-users] Excluding local target to squid> ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev> _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev