Greg Cockburn
2002-Oct-29 08:04 UTC
[Shorewall-users] transparent proxy on another machine
Hi,

I can not seem to get transparent proxying going with shorewall.

I have second box 192.168.14.3 with squid.

I have shorewall firewall/gateway 192.168.14.1

I set up transparent proxy using:
http://www.tldp.org/HOWTO/mini/TransparentProxy-6.html#ss6.2

now this works fine only if I change
/etc/shorewall/policy
from:
    all        all        REJECT
to read:
    all        all        ACCEPT

I have tried numerous rules in
/etc/shorewall/rules but to no avail.

Can anyone, someone please give me a clue as to why I can not get the packets
accepted before the last rule.

Thanks,

Greg.

--
Greg Cockburn, LCA
Performance Magic
Wellington
New Zealand
Phone +64 4 971 1980
Mobile +64 25 275 6378
ICQ# 19058919

Greg Cockburn wrote:
> Hi,
>
> I can not seem to get transparent proxying going with shorewall.
>
> I have second box 192.168.14.3 with squid.
>
> I have shorewall firewall/gateway 192.168.14.1
>
> I set up transparent proxy using:
> http://www.tldp.org/HOWTO/mini/TransparentProxy-6.html#ss6.2
>
> now this works fine only if I change
> /etc/shorewall/policy
> from:
>     all        all        REJECT
> to read:
>     all        all        ACCEPT
>
> I have tried numerous rules in
> /etc/shorewall/rules but to no avail.
>
> Can anyone, someone please give me a clue as to why I can not get the packets
> accepted before the last rule.
>

Given the information you have provided, we'd have to be mind readers. Did you look at http://www.shorewall.net/FAQ.htm#faq17 to try to understand WHY the connection is being rejected?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net