Shorewall users - Aug 2003 - DNAT Not Forwarding ..

Hi,

I have an inetneal network, wst, and a squid 
proxy in the DMZ. I want to be able to redirect 
all requests to the internet from wst to the dmz 
proxy server, unless it is going to ip address 
a.b.c.d (192.168.168.5)
I did the following :

dnat  wst   dmz:192.168.2.2    tcp 3128 80 !192.168.168.5

I checked the wst_dnat chain:

Chain wst_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.11.1
tcp dpt:80 to:192.168.2.2
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.11.1
tcp spt:80 dpt:3128 to:192.168.2.2

The counters are always zero, they don''t change.

Thanks,





This message was sent through MyMail http://www.mymail.com.au

On Thu, 2003-08-28 at 06:13, deya@ozemail.com.au wrote:
> Hi,
> 
> I have an inetneal network, wst, and a squid 
> proxy in the DMZ. I want to be able to redirect 
> all requests to the internet from wst to the dmz 
> proxy server, unless it is going to ip address 
> a.b.c.d (192.168.168.5)
> I did the following :
> 
> dnat  wst   dmz:192.168.2.2    tcp 3128 80 !192.168.168.5
> 
> I checked the wst_dnat chain:
> 
> Chain wst_dnat (1 references)
>  pkts bytes target     prot opt in     out     source              
destination
>     0     0 DNAT       tcp  --  *      *       0.0.0.0/0           
192.168.11.1       tcp dpt:80 to:192.168.2.2
>     0     0 DNAT       tcp  --  *      *       0.0.0.0/0           
192.168.11.1       tcp spt:80 dpt:3128 to:192.168.2.2
> 
> The counters are always zero, they don''t change.
> 
Now that you''ve experimented on your own, try reading the
documentation:

http://shorewall.net/Shorewall_Squid_Usage.html

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net