Hello All,

I have this scenario:

Shorewall "A"
ppp0 - net
eth1 - loc-a - 10.11.1.0/24
eth2 - loc-b - 10.21.2.0/24 (10.21.2.5/24)
eth3 - loc-c - 10.31.3.0/24

Shorewall "B"
ppp0 - net
eth1 - loc-d - 10.21.2.0/24 (10.21.2.6/24)
eth2 - loc-e - 10.41.4.0/24

Today, I'm running a Squid Proxy at Shorewall "A" (10.11.1.5/24), and all people at "loc-a, loc-b and loc-c", use this proxy.

Now, I need to create a second option, to use the Squid Proxy at Shorewall "B", (10.21.2.6/24), from 10.11.1.0/24, 10.21.2.0/24 and 10.31.3.0/24.

At my "/etc/shorewall/rules", I have:

REDIRECT loc-a 3128 tcp 80
REDIRECT loc-b 3128 tcp 80
REDIRECT loc-c 3128 tcp 80
ACCEPT $FW net

Now, I need that 10.11.1.51~10.11.1.100 can access the proxy server on 10.21.2.6 ip address?

REDIRECT loc-a:10.11.1.51-10.11.1.100 10.21.2.6:3128 tcp 80 (is it correct ???)

Who can help me?

Best regards,
Watanabe Anderson.

------------------------------------------------------------------------------
On 5/26/10 12:52 AM, Watanabe Anderson wrote:
>
> Now, I need to create a second option, to use the Squid Proxy at
> Shorewall "B", (10.21.2.6/24), from 10.11.1.0/24, 10.21.2.0/24 and
> 10.31.3.0/24.
>
>
> At my "/etc/shorewall/rules", I have:
>
> REDIRECT loc-a 3128 tcp 80
> REDIRECT loc-b 3128 tcp 80
> REDIRECT loc-c 3128 tcp 80
> ACCEPT $FW net
>
>
> Now, I need that 10.11.1.51~10.11.1.100 can access the proxy server on
> 10.21.2.6 ip address?
>
>
> REDIRECT loc-a:10.11.1.51-10.11.1.100 10.21.2.6:3128 tcp 80 (is
> it correct ???)

No.

>
>
> Who can help me?
>

You need a DNAT rule rather than a REDIRECT rule. See
http://www.shorewall.net/Shorewall_Squid_Usage.html#DMZ.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
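The DNAT approach named in the reply above, written against the rules file from the question. This is an added example, not part of the original thread and not the Shorewall project's own configuration. It assumes that 10.21.2.6 is reached from Shorewall "A" through the loc-b zone (eth2, 10.21.2.0/24, as listed in the question) and that Shorewall "B" and its Squid accept and answer traffic from 10.11.1.0/24.

```conf
# /etc/shorewall/rules on Shorewall "A" (added example)
#ACTION   SOURCE                            DEST                   PROTO  DEST PORT

# Not valid for this purpose: REDIRECT only rewrites the destination to a
# port on the firewall itself, so it cannot point at 10.21.2.6.
#REDIRECT loc-a:10.11.1.51-10.11.1.100      10.21.2.6:3128         tcp    80

# DNAT rewrites the destination address and port, which is what sending
# port-80 traffic to a proxy on another host requires.
# Assumption: 10.21.2.6 is in zone loc-b as seen from Shorewall "A".
# This rule must come BEFORE the generic loc-a REDIRECT below; rules are
# evaluated in order and that REDIRECT would otherwise match these hosts.
DNAT      loc-a:10.11.1.51-10.11.1.100      loc-b:10.21.2.6:3128   tcp    80

# Existing rules from the question, unchanged: everyone else keeps using
# the local Squid on Shorewall "A".
REDIRECT  loc-a                             3128                   tcp    80
REDIRECT  loc-b                             3128                   tcp    80
REDIRECT  loc-c                             3128                   tcp    80
ACCEPT    $FW                               net
```

Running `shorewall check` before restarting validates the edited file without applying it.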