fabien
2003-Jul-22 09:34 UTC
[Shorewall-users] Shorewall 1.4.5 + redirect Squid proxy + Tcrule
I run Shorewall 1.4.5 with Squid *** policy ** loc fw ACCEPT fw net ACCEPT fw loc ACCEPT net all DROP info all all REJECT info I redirect all www to the port 3128 *** rules ** REDIRECT loc 3128 tcp www - !192.168.0.1 I enabled Tcrules ** tcrules file ** 1 eth0 0.0.0.0/0 all 3 fw 0.0.0.0/0 all All packets from eth0 are filtered by marked 3 If I make a direct connection, tcrule work fine *** policy ** loc net ACCEPT I would like to keep my proxy and enable traffic shapping on eth0 Any idea Thanks a lot Fabien
Tom Eastep
2003-Jul-22 09:40 UTC
[Shorewall-users] Shorewall 1.4.5 + redirect Squid proxy + Tcrule
On Tue, 2003-07-22 at 09:33, fabien wrote:> I run Shorewall 1.4.5 with Squid > *** policy ** > loc fw ACCEPT > fw net ACCEPT > fw loc ACCEPT > net all DROP info > all all REJECT info > > > I redirect all www to the port 3128 > *** rules ** > REDIRECT loc 3128 tcp www - !192.168.0.1 > > I enabled Tcrules > ** tcrules file ** > 1 eth0 0.0.0.0/0 all > 3 fw 0.0.0.0/0 all > > All packets from eth0 are filtered by marked 3 > > If I make a direct connection, tcrule work fine > *** policy ** > loc net ACCEPT > > I would like to keep my proxy and enable > traffic shapping on eth0 > > Any ideaSo what is the problem you are trying to solve? Your proxy is running on your firewall so it doesn''t need any packet marking or alternate routing table; you can therefore use the tcrules file strictly for traffic shaping. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net