Shorewall users - Jan 2003 - Redirecting localhost to proxy

I have a setup something like this:

WWW -- ADSL Router  --    Gateway      --        LAN
        10.0.0.2 -->  <-- 10.0.0.1
                        192.168.0.1 -->  <-- 192.168.0.X
                         Shorewall
                         Squid proxy

On the gateway, shorewall is sucessfully redirecting port 80 from the LAN
to the proxy on port 3128.  Is it possible to also redirect port 80 from
the gateway itself to the proxy?  I''ve tried the obvious:

REDIRECT   fw     3128    tcp     www       -
REDIRECT   fw     3128    udp     www       -

but this stops Squid working at all.  I suspect that this is because the
firewall is redirecting Squid''s own web access back to it again.

Bye,

Joe

--On Friday, January 03, 2003 01:39:34 PM +0000 Joseph Haig 
<jhaig@maths.man.ac.uk> wrote:
> I have a setup something like this:
>
> WWW -- ADSL Router  --    Gateway      --        LAN
>         10.0.0.2 -->  <-- 10.0.0.1
>                         192.168.0.1 -->  <-- 192.168.0.X
>                          Shorewall
>                          Squid proxy
>
> On the gateway, shorewall is sucessfully redirecting port 80 from the LAN
> to the proxy on port 3128.  Is it possible to also redirect port 80 from
> the gateway itself to the proxy?
Not if you want Squid to be able to access the web.
> I''ve tried the obvious:
>
> REDIRECT   fw     3128    tcp     www       -
> REDIRECT   fw     3128    udp     www       -
http is a TCP protocol -- the second rule is nonsense.
>
> but this stops Squid working at all.  I suspect that this is because the
> firewall is redirecting Squid''s own web access back to it again.
>
Yes -- that''s what you are doing.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net