If you are willing to patch your iptables and kernel to support the ROUTE target, the code in CVS project Shorewall2/ now supports very flexible routing.

As an example, I run Squid in my DMZ for transparent proxy. Rather than the complex routing setup described in http://shorewall.net/Shorewall_Squid_Usage.html, I now use this single entry in /etc/shorewall/routes to route all HTTP requests from the internal network to 206.124.146.177 in the DMZ:

#SOURCE   DEST        PROTO   PORT(S)   SOURCE    INTERFACE   GATEWAY
#                                       PORT(S)
$INT_IF   0.0.0.0/0   tcp     80        -         $DMZ_IF     206.124.146.177

Happy routing,
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.ke