I set mine up like so (in the rules file) and it works fine:

ACCEPT    loc    loc:192.168.10.1:3128    tcp    www    -    !192.168.10.0

or

ACCEPT    loc    loc:proxyaddress:port    tcp    outgoing_port    -    !exclude_hosts_mask

Cheers!

On July 16, 2002 12:37 pm, Richard Cochius wrote:
> Hello,
>
> I have a little problem with redirection.
>
> The situation is:
>
> I want to redirect queries to ports 80, 443, 21 and 20 to a proxy server.
> The users and the proxy are in the same network. The proxy doesn't run on
> the firewall.
> The proxy has address 192.89.12.231 and listens on port 8080. The
> firewall has 192.89.12.234 on the local side.

--
Paul Slinski
System Administrator
Global IQX
http://www.globaliqx.com/
pauls@globaliqx.com
Paul Slinski (16.7.2002 18:55):
>I set mine up like so (in the rules file) and it works fine:
>
>ACCEPT    loc    loc:192.168.10.1:3128    tcp    www    -    !192.168.10.0

Well, it's funny, but this rule doesn't work either :o)
I have checked it on my firewall and redirected port 5000 (for example) from the local subnet to one of my PCs (also in the same local subnet):

ACCEPT    loc    loc:192.168.43.35:5005    tcp    5000    -    !192.168.43.0

and it (telnet 195.80.166.7 5000) doesn't work... no connection to 192.168.43.35:5005.

Paul, do your connections also work without something like this:

ACCEPT    loc:192.168.10.1    net    tcp    www    ???

>or
>
>ACCEPT    loc    loc:proxyaddress:port    tcp    outgoing_port    -    !exclude_hosts_mask
>
>Cheers!
>
>On July 16, 2002 12:37 pm, Richard Cochius wrote:
>> Hello,
>>
>> I have a little problem with redirection.
>>
>> The situation is:
>>
>> I want to redirect queries to ports 80, 443, 21 and 20 to a proxy server.
>> The users and the proxy are in the same network. The proxy doesn't run on
>> the firewall.
>> The proxy has address 192.89.12.231 and listens on port 8080. The
>> firewall has 192.89.12.234 on the local side.
>
>--
>Paul Slinski
>System Administrator
>Global IQX
>http://www.globaliqx.com/
>pauls@globaliqx.com
>
>_______________________________________________
>Shorewall-users mailing list
>Shorewall-users@shorewall.net
>http://www.shorewall.net/mailman/listinfo/shorewall-users
My policy contains:

loc    net    ACCEPT

One thing you need to consider is:

ACCEPT    $FW    net    tcp    80

and

ACCEPT    loc    $FW    tcp    80

Is your squid server getting a hit?

tail -f /usr/local/squid/logs/access.log

and try to connect to the web via a workstation. If not, then the firewall may be blocking your incoming connections.

tail /var/log/messages | grep DPT=80

Your squid config needs to be set up correctly also. Find these options in your squid.conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

and squid bound to internal interfaces only:

http_port 192.168.10.x:3128
http_port 192.168.10.y:3128

and it should have been compiled with the following option (this is squid 2.4 STABLE6):

--enable-linux-netfilter

Hope some of this helps. Feel free to ask for more details as needed.

On July 16, 2002 01:36 pm, SHOREWALL TimeLord wrote:
> Paul Slinski (16.7.2002 18:55):
> >I set mine up like so (in the rules file) and it works fine:
> >
> >ACCEPT    loc    loc:192.168.10.1:3128    tcp    www    -    !192.168.10.0
>
> Well, it's funny, but this rule doesn't work either :o)
> I have checked it on my firewall and redirected port 5000 (for example)
> from the local subnet to one of my PCs (also in the
> same local subnet):
> ACCEPT    loc    loc:192.168.43.35:5005    tcp    5000    -    !192.168.43.0
> and it (telnet 195.80.166.7 5000) doesn't work... no connection to
> 192.168.43.35:5005

--
Paul Slinski
System Administrator
Global IQX
http://www.globaliqx.com/
pauls@globaliqx.com
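Paul's check is `tail /var/log/messages | grep DPT=80`. The following is an added example (not from the thread and not part of Shorewall) that does the same thing over a handful of constructed log lines, but parses the entries so the chain and disposition are visible, which is what tells you whether the firewall, rather than squid, is refusing the connection. It assumes the Shorewall 1.x log prefix "Shorewall:<chain>:<disposition>:" followed by the kernel LOG target's KEY=value fields; the sample lines and their addresses are made up for the example.

```python
"""Pick out firewall log entries for a given destination port, parsed so the
chain and disposition are visible.  Added example, not part of the thread
or of Shorewall."""
import re
from collections import Counter
from typing import Dict, Iterable, List

# Shorewall 1.x prefixes its netfilter LOG entries "Shorewall:<chain>:<disposition>:";
# the kernel then appends IN= OUT= SRC= DST= ... PROTO= SPT= DPT= fields.
_PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<fields>.*)")
_KV = re.compile(r"(\w+)=(\S*)")


def parse_log_line(line: str) -> Dict[str, str]:
    """Return the parsed entry, or {} for lines that are not Shorewall log entries."""
    m = _PREFIX.search(line)
    if not m:
        return {}
    rec = {"chain": m.group("chain"), "disp": m.group("disp")}
    rec.update(_KV.findall(m.group("fields")))
    return rec


def blocked_to_port(lines: Iterable[str], dport: int) -> List[Dict[str, str]]:
    """Entries whose disposition is DROP or REJECT and whose DPT matches."""
    out = []
    for line in lines:
        rec = parse_log_line(line)
        if rec and rec.get("disp") in ("DROP", "REJECT") and rec.get("DPT") == str(dport):
            out.append(rec)
    return out


def summarize(recs: Iterable[Dict[str, str]]) -> Counter:
    """Count blocked connections per (chain, source, destination)."""
    return Counter((r["chain"], r["SRC"], r["DST"]) for r in recs)


# Constructed sample lines (not real logs); layout follows the kernel LOG target.
SAMPLE = """\
Jul 16 14:02:11 fw kernel: Shorewall:loc2fw:DROP:IN=eth1 OUT= SRC=192.168.10.20 DST=192.168.10.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=1040 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 16 14:02:13 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.10.20 DST=195.80.166.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1235 DF PROTO=TCP SPT=1041 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 16 14:02:15 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.4 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4821 DF PROTO=TCP SPT=3311 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 16 14:02:20 fw kernel: Shorewall:loc2fw:REJECT:IN=eth1 OUT= SRC=192.168.10.21 DST=192.168.10.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1301 DF PROTO=TCP SPT=1042 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 16 14:02:21 fw sshd[412]: Accepted password for admin from 192.168.10.5 port 51234 ssh2
""".splitlines()

if __name__ == "__main__":
    for key, n in summarize(blocked_to_port(SAMPLE, 80)).items():
        print(key, n)
```

A `loc2fw` entry for DPT=80 means a workstation's request reached the firewall itself and was dropped there, i.e. the redirect or the `loc $FW tcp 80` rule is missing; a `net2all` hit on port 80 is unrelated inbound noise and not the problem being debugged.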
On 16 Jul 2002, SHOREWALL TimeLord wrote:
> Paul Slinski (16.7.2002 18:55):
> >I set mine up like so (in the rules file) and it works fine:
> >
> >ACCEPT    loc    loc:192.168.10.1:3128    tcp    www    -    !192.168.10.0
>
> Well, it's funny, but this rule doesn't work either :o)
> I have checked it on my firewall and redirected port 5000 (for example) from
> the local subnet to one of my PCs (also in the
> same local subnet):
> ACCEPT    loc    loc:192.168.43.35:5005    tcp    5000    -    !192.168.43.0
> and it (telnet 195.80.166.7 5000) doesn't work... no connection to
> 192.168.43.35:5005
>

Did you specify 'multi' on the local interface?

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
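The rule Paul posted, `ACCEPT loc loc:192.168.10.1:3128 tcp www - !192.168.10.0`, is a Shorewall 1.x rules-file line whose DEST column carries an address and port, i.e. a DNAT. The example below is added here and is not Shorewall's own parser or rule generator: it reads such a line and renders the netfilter commands it stands for. It also adds one thing the thread does not discuss, which is my own caveat: when the client and the proxy sit on the same subnet, the proxy's replies would go straight back to the client with source 192.168.10.1:3128, a source the client's TCP stack does not associate with its connection to the original destination, so the handshake never completes. The third command source-NATs the redirected connection to the firewall's inside address so the reply path runs back through the firewall. The interface name `eth1`, the network `192.168.10.0/24`, the firewall address `192.168.10.254`, the treatment of a bare `x.y.z.0` as a /24, and the small service-name table are all assumptions; Shorewall's own interface options (such as the `multi` option Tom asks about) are not modelled.

```python
"""Translate one DNAT-style line of a Shorewall 1.x rules file into the
netfilter commands it stands for, plus the hairpin SNAT a same-subnet
redirect needs.  Added example; not Shorewall's own parser or generator."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Minimal /etc/services subset (assumption: only the names used in the thread).
SERVICES = {"www": 80, "http": 80, "https": 443, "ftp": 21, "ftp-data": 20}


@dataclass
class Rule:
    action: str
    src_zone: str
    src_addr: Optional[str]
    dst_zone: str
    dst_addr: Optional[str]   # host the connection is rewritten to (DNAT target)
    dst_port: Optional[int]   # port the connection is rewritten to
    proto: str
    dport: Optional[int]      # port the client originally connects to
    sport: Optional[int]
    orig_dest: Optional[ipaddress.IPv4Network]
    orig_dest_negated: bool   # True for "!network": redirect only if NOT going there


def _port(token: Optional[str]) -> Optional[int]:
    """Resolve '-', a number or a service name to a port number (None = any)."""
    if token in (None, "-", ""):
        return None
    return int(token) if token.isdigit() else SERVICES[token]


def _network(token: str) -> ipaddress.IPv4Network:
    """Assumption: a bare address ending in .0 with no mask is a /24 (the
    thread writes '192.168.10.0'); any other bare address is one host."""
    if "/" not in token:
        token += "/24" if token.endswith(".0") else "/32"
    return ipaddress.ip_network(token, strict=False)


def parse_rule(line: str) -> Rule:
    """Columns: ACTION SOURCE DEST PROTO DPORT SPORT ORIGINAL_DEST,
    whitespace separated; trailing columns may be '-' or omitted."""
    f = line.split()
    if len(f) < 4:
        raise ValueError("need at least ACTION SOURCE DEST PROTO: %r" % line)
    f += ["-"] * (7 - len(f))
    action, src, dst, proto, dport, sport, odest = f[:7]

    src_zone, _, src_addr = src.partition(":")
    dparts = dst.split(":")                       # zone[:address[:port]]
    dst_addr = dparts[1] if len(dparts) > 1 else None
    dst_port = _port(dparts[2]) if len(dparts) > 2 else None

    negated = odest.startswith("!")
    odest = odest.lstrip("!")
    return Rule(action, src_zone, src_addr or None, dparts[0], dst_addr,
                dst_port, proto, _port(dport), _port(sport),
                _network(odest) if odest != "-" else None, negated)


def to_iptables(rule: Rule, lan_if: str, lan_net: str, fw_lan_ip: str) -> List[str]:
    """Render DNAT, the same-interface FORWARD accept, and the hairpin SNAT.
    lan_if, lan_net and fw_lan_ip are assumed values for the firewall's
    inside interface (in Shorewall they come from the interfaces file)."""
    if rule.action != "ACCEPT" or rule.dst_addr is None:
        raise ValueError("only ACCEPT rules with a DEST address (a DNAT) are handled")
    target = rule.dst_addr + (":%d" % rule.dst_port if rule.dst_port else "")
    new_port = rule.dst_port or rule.dport

    # Match on what the client actually sent: original port and destination.
    match_orig = ["-p", rule.proto]
    if rule.dport:
        match_orig += ["--dport", str(rule.dport)]
    if rule.sport:
        match_orig += ["--sport", str(rule.sport)]
    if rule.orig_dest is not None:
        match_orig += (["!"] if rule.orig_dest_negated else []) + ["-d", str(rule.orig_dest)]
    if rule.src_addr:
        match_orig += ["-s", rule.src_addr]
    # Match on the rewritten connection: proxy address and port.
    match_new = ["-p", rule.proto] + (["--dport", str(new_port)] if new_port else [])

    cmds = [
        # 1. rewrite the destination as the packet enters on the LAN interface
        ["iptables", "-t", "nat", "-A", "PREROUTING", "-i", lan_if] + match_orig
        + ["-j", "DNAT", "--to-destination", target],
        # 2. let the rewritten connection leave through the interface it came in on
        ["iptables", "-A", "FORWARD", "-i", lan_if, "-o", lan_if, "-d", rule.dst_addr]
        + match_new + ["-j", "ACCEPT"],
        # 3. hairpin: source-NAT to the firewall so the proxy answers via the
        #    firewall (which un-DNATs the reply) instead of directly to the client
        ["iptables", "-t", "nat", "-A", "POSTROUTING", "-o", lan_if, "-s", lan_net,
         "-d", rule.dst_addr] + match_new + ["-j", "SNAT", "--to-source", fw_lan_ip],
    ]
    return [" ".join(c) for c in cmds]


if __name__ == "__main__":
    rule = parse_rule("ACCEPT loc loc:192.168.10.1:3128 tcp www - !192.168.10.0")
    for cmd in to_iptables(rule, "eth1", "192.168.10.0/24", "192.168.10.254"):
        print(cmd)
```

The negated ORIGINAL DEST is what keeps requests to hosts inside the LAN from being sent to the proxy; without it, a workstation opening port 80 on a local server would be redirected as well. The SNAT hides the real client address from the proxy, so squid's access.log will show the firewall's address for every redirected request; that is the price of a hairpin and the usual reason people prefer to put the proxy on the firewall or on a separate segment.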