mikalzet@libero.it
2002-Nov-10 22:56 UTC
[Shorewall-users] wwwoffled on a standalone: port redirection possible ?
I have a working shorewall on my standalone modem dialup mandrake 9.0. The config files are set in accordance to the standalone example. I also run wwwoffled so as to allow offline navigation. In shorewall documentation there is an example with squid whereby all the requests for internet access are redirected to squid. Running woffled requires that every user set each and every browser to use port 8080 of localhost as proxy; it would be neat if all requests for internet access were automatically redirected to this port. I tried the following in rules: REDIRECT $FW 8080 tcp www - The rule is accepted, but my browsers are NOT automatically redirected through wwwoffled, it seems. Is it possible to do this at all ? -- Michele Alzetta
Tom Eastep
2002-Nov-11 16:54 UTC
[Shorewall-users] wwwoffled on a standalone: port redirection possible ?
--On Sunday, November 10, 2002 11:56:51 PM +0100 "mikalzet@libero.it" <mikalzet@libero.it> wrote:> > Running woffled requires that every user set each and every browser to > use port 8080 of localhost as proxy; it would be neat if all requests > for internet access were automatically redirected to this port. > I tried the following in rules: > > REDIRECT $FW 8080 tcp www - > > The rule is accepted, but my browsers are NOT automatically redirected > through wwwoffled, it seems. > > Is it possible to do this at all ? >Depends on whether wwwoffed can be configured as a transparent proxy -- transparent proxy requires the above rule AND proxy participation. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net
Tom Eastep
2002-Nov-11 17:06 UTC
[Shorewall-users] wwwoffled on a standalone: port redirection possible ?
--On Sunday, November 10, 2002 11:56:51 PM +0100 "mikalzet@libero.it" <mikalzet@libero.it> wrote:> > I have a working shorewall on my standalone modem dialup mandrake 9.0. > The config files are set in accordance to the standalone > example. > > I also run wwwoffled so as to allow offline navigation. > In shorewall documentation there is an example with squid whereby all the > requests for internet access are redirected to squid. > > Running woffled requires that every user set each and every browser to > use port 8080 of localhost as proxy; it would be neat if all requests > for internet access were automatically redirected to this port. > I tried the following in rules: > > REDIRECT $FW 8080 tcp www - > > The rule is accepted, but my browsers are NOT automatically redirected > through wwwoffled, it seems. > > Is it possible to do this at all ? >Also, IIRC Mandrake 9.0 uses a 2.4.19 kernel -- that kernel should support the above REDIRECT command correctly. Older kernels accept the command but don''t work while some 2.4.18 kernels reject the command. There is a new kernel configuration option (CONFIG_IP_NF_NAT_LOCAL) which enables this type of local redirection/DNAT. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net