Hello Group,

I am trying to set up a demo of Squid at my location to a person that has proxy ports blocked on his firewall at his location by having him set his IE browser to use proxy server 64.42.49.235 port 80.

My thinking was to set up a rule in Shorewall which redirects port 80 to 3128 as in a local setting. My test server is running RH 7.3, Shorewall 1.3.14 with one interface, eth0 64.42.49.235.

The rule which did not work for my test was simply:

    REDIRECT net 3128 tcp www - !64.42.49.237

During this test I changed the browser settings on one of my FQ computer server running Win 2k Server to proxy 64.42.49.235 and port 80 as the proxy port. Shorewall would not redirect the port as in the rule above; instead it hits the test page on the httpd "apache"???????????

Any ideas?

Thanks,
Mike

Mistake in first post. The rule I entered is as follows:

    REDIRECT net 3128 tcp www -!64.42.49.235

On Mon, 2003-08-04 at 13:48, Mike wrote:
> Hello Group
> I am trying to set up a demo of Squid at my location to a person that has
> proxy ports blocked on his firewall at his location by having him set his
> IE browser to use proxy server 64.42.49.235 port 80.

And that proxy server does or does not have anything to do with you or your firewall?

> My thinking was to set up a rule in Shorewall which redirects port 80 to
> 3128 as in a local setting. My test server is running RH 7.3, Shorewall
> 1.3.14 with one interface, eth0 64.42.49.235.
>
> The rule which did not work for my test was simply:
>
>     REDIRECT net 3128 tcp www - !64.42.49.237

Ok -- that rule says attempts to connect to port 80 on your server where the original destination address is not 64.42.49.237 (which is different from what you quoted above) will be redirected to port 3128 on your firewall. Is 64.42.49.237 the firewall's external IP address?

> During this test I changed the browser settings on one of my FQ computer
> server

Whatever is a FO computer server? And is it inside or outside of your firewall? Because the REDIRECT rule that you have above only works from outside.

> running Win 2k Server to proxy 64.42.49.235 and port 80 as the proxy port

So you are running this system as a proxy? And it is where? Inside or outside of your firewall?

> Shorewall would not redirect the port as in the rule above; instead it
> hits the test page on the httpd "apache"???????????

Where is this apache server running?

Frankly I'm lost....

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net

Hi Mike,

Depends on which box Squid is set up on. The firewall/Shorewall, local or DMZ? Check out the Squid link. Click on the documentation link at www.shorewall.net and then the Squid link on that page. It's down towards the bottom. It will describe how to set up Shorewall. Here's the link:

http://www.shorewall.net/Shorewall_Squid_Usage.html

JBanks

Squid and Apache shorewall are running on the same server 64.42.49.235. I have set Squid to listen to the public for a test on 3128. You could set your browser to use it now on 3128 and it would work if it was in the rules to allow 3128, but I am trying to redirect the net port 80 to 3128 because my client I want to demo Squid and squidGuard can't use 3128 from his location because it is blocked on his firewall.

This is just a demo to show Squid and squidGuard content filtering. It is set up to listen to the public. Here are my rules:

    ACCEPT net fw icmp 8
    ACCEPT net fw tcp 22
    ACCEPT net fw tcp 10000
    ACCEPT net fw tcp 80
    REDIRECT net 3128 tcp 3128 80

On Mon, 2003-08-04 at 14:14, Mike wrote:
> Squid and Apache shorewall are running on the same server 64.42.49.235. I
> have set Squid to listen to the public for a test on 3128.
> You could set your browser to use it now on 3128 and it would work if it was
> in the rules to allow 3128, but I am trying to redirect the net port 80 to
> 3128 because my client I want to demo Squid and squidGuard can't use 3128
> from his location because it is blocked on his firewall.
> This is just a demo to show Squid and squidGuard content filtering. It is
> set up to listen to the public. Here are my rules:
>
> ACCEPT net fw icmp 8
> ACCEPT net fw tcp 22
> ACCEPT net fw tcp 10000
> ACCEPT net fw tcp 80
> REDIRECT net 3128 tcp 3128 80

That rule is bogus. Should be:

    REDIRECT net 3128 tcp 80

-Tom
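
As an added example (not part of the thread and not Shorewall code): a small Python model of how the columns of the REDIRECT rules posted above are read, following Tom's description of the first rule. It assumes the column order action, source zone, redirect-to port, protocol, destination port, source port, original destination; the client address and source port in the sample connection are constructed, and the second post's rule is written with its columns separated.

```python
# Added example: model of Shorewall 1.3-style REDIRECT column matching.
# Column order is an assumption taken from the rules and replies in this thread.
COLUMNS = ("action", "source", "redirect_to", "proto", "dport", "sport", "orig_dest")
SERVICES = {"www": 80}  # only the service name used in the thread

def parse_rule(line):
    """Split a rules-file line into named columns; missing columns become '-'."""
    fields = line.split("#", 1)[0].split()
    if not fields or len(fields) > len(COLUMNS):
        raise ValueError(f"cannot parse rule: {line!r}")
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return dict(zip(COLUMNS, fields))

def port_matches(spec, port):
    """'-' matches any port; otherwise compare a number or known service name."""
    if spec == "-":
        return True
    return SERVICES.get(spec, int(spec) if spec.isdigit() else None) == port

def addr_matches(spec, addr):
    """'-' matches any address; '!a.b.c.d' matches every address except a.b.c.d."""
    if spec == "-":
        return True
    return addr != spec[1:] if spec.startswith("!") else addr == spec

def redirect_port(rule_line, conn):
    """Return the local port a connection is redirected to, or None if no match."""
    r = parse_rule(rule_line)
    if r["action"] != "REDIRECT" or r["proto"] != conn["proto"]:
        return None
    if not (port_matches(r["dport"], conn["dport"])
            and port_matches(r["sport"], conn["sport"])
            and addr_matches(r["orig_dest"], conn["dst"])):
        return None
    return int(r["redirect_to"])

# Constructed connection: a browser using 64.42.49.235:80 as its proxy.
# The client address and source port are made-up sample values.
CONN = {"src": "192.0.2.10", "sport": 40312, "proto": "tcp",
        "dst": "64.42.49.235", "dport": 80}

RULES = [
    "REDIRECT net 3128 tcp www - !64.42.49.237",  # first post
    "REDIRECT net 3128 tcp www - !64.42.49.235",  # second post: excludes the server itself
    "REDIRECT net 3128 tcp 3128 80",              # dport 3128, sport 80: never matches
    "REDIRECT net 3128 tcp 80",                   # the corrected rule from the reply
]

if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule:45} -> {redirect_port(rule, CONN)}")
```

With SOURCE set to the whole `net` zone, the working rule makes Squid reachable on port 80 by any Internet host; Shorewall accepts `net:<address>` in the SOURCE column to limit the redirect to the client's address.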

On Mon, 2003-08-04 at 14:18, Tom Eastep wrote:
> That rule is bogus: Should be:
>
> REDIRECT net 3128 tcp 80

Also be sure that Squid is configured as a plain old Proxy on port 3128 -- normally, that's the port used for transparent proxy and Squid would listen on port 8080 for non-transparent proxying (or that's the way mine is configured anyway and I think it's rather vanilla).

-Tom

On Mon, 2003-08-04 at 14:23, Tom Eastep wrote:
> Also be sure that Squid is configured as a plain old Proxy on port 3128
> -- normally, that's the port used for transparent proxy and Squid would
> listen on port 8080 for non-transparent proxying (or that's the way mine
> is configured anyway and I think it's rather vanilla).

Duh -- please ignore the above nonsense -- I checked my squid.conf file and I have 3128 and 8080 configured identically (both specified as "http_port").

-Tom