> Hi, I am using Shorewall version 1.4.7 on RH9 Linux,
> and I am very satisfied with how it works. "Iptables made
> easy" is true.
> This is my problem:
> I have three NICs:
> - eth0, Internet, which has the private address
> 192.168.18.198, connected to my ISP
> - eth1 and eth2, each with one full
> routed class C of IPs, so I don't use Masquerade.
> Because I have a private IP on the WAN interface eth0, I
> must put Squid (in transparent mode) on one interface,
> eth1 or eth2.
> I followed the instructions found in the Shorewall FAQ and
> mailing list, but I can't get logs in /var/log/squid.
> Can anyone help me and, if something is going wrong, give
> me a method for verifying what I have done?
> I used Squid when I had a real IP on the external
> interface
> and it worked very well.

Alex

On Fri, 2003-10-24 at 08:23, titus grig wrote:
> > Hi, I am using Shorewall version 1.4.7 on RH9 Linux,
> > and I am very satisfied with how it works. "Iptables made
> > easy" is true.
> > This is my problem:
> > I have three NICs:
> > - eth0, Internet, which has the private address
> > 192.168.18.198, connected to my ISP
> > - eth1 and eth2, each with one full
> > routed class C of IPs, so I don't use Masquerade.
> > Because I have a private IP on the WAN interface eth0, I
> > must put Squid (in transparent mode) on one interface,
> > eth1 or eth2.
> > I followed the instructions found in the Shorewall FAQ and
> > mailing list, but I can't get logs in /var/log/squid.
> > Can anyone help me and, if something is going wrong, give
> > me a method for verifying what I have done?
> > I used Squid when I had a real IP on the external
> > interface
> > and it worked very well.

Have you configured Squid itself to act as a transparent proxy? Is it listening on the same port that you have specified in your REDIRECT rules?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net

On Sat, 2003-10-25 at 02:08, titus grig wrote:
> Yes, I did configure Squid, but I can't understand why
> it does not work. You wrote a message to
> somebody on how to verify settings, but the user had used
> a configuration with a DMZ and private IPs on his LAN.

Private/public IPs have absolutely nothing to do with how you run Squid on your firewall.

a) "shorewall show nat" - you will see a chain called "loc_dnat" which should have a single REDIRECT rule in it. The packet count should increment each time that your browser tries to open a remote web site.

b) "shorewall show loc2fw" - you will see an ACCEPT rule for the port that you have redirected your web traffic to. The packet count should similarly increment.

c) "shorewall show fw2net" - you should see an ACCEPT rule for tcp port 80. Its packet count will increment for each new web site that Squid visits.

> Can I ask what is the Shorewall syntax for MAC
> verification?

In this age of search engines, it appears that people have somehow forgotten how to use an alphabetical index. At the Shorewall home page (or at the "index.html" file in the documentation that is packaged with Shorewall) is a link in bold type named "Documentation". There you will find an Alphabetical index for the Shorewall Documentation. Go down to the "M"s and you will find a link entitled "MAC Verification". Follow it.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
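
The counter checks in steps a) to c) above can be scripted by comparing two snapshots of a chain listing taken before and after a browser request; this is an added example, not part of the original thread. The listings are constructed in `iptables -L -n -v` column layout, and port 3128 is an assumed Squid port.

```shell
#!/bin/sh
# Added example. Listings below are constructed, in `iptables -L -n -v` layout;
# port 3128 is an assumed Squid port, use the one from your REDIRECT rule.

# pkts_for TARGET FIELD: read a listing on stdin, print the packet counter of
# the first rule with that target and an exact match field such as dpt:80.
pkts_for() {
    awk -v target="$1" -v field="$2" '
        $3 == target {
            for (i = 4; i <= NF; i++) if ($i == field) {
                n = $1; mult = 1
                # large counters are abbreviated with K/M/G (powers of 1000)
                if (n ~ /K$/) mult = 1000
                else if (n ~ /M$/) mult = 1000000
                else if (n ~ /G$/) mult = 1000000000
                sub(/[KMG]$/, "", n)
                printf "%.0f\n", n * mult
                found = 1
                exit
            }
        }
        END { if (!found) exit 1 }'
}

# counter_moved BEFORE AFTER TARGET FIELD: status 0 if the counter rose,
# 1 if it did not, 2 if the rule is missing from either snapshot.
counter_moved() {
    b=$(printf '%s\n' "$1" | pkts_for "$3" "$4") || return 2
    a=$(printf '%s\n' "$2" | pkts_for "$3" "$4") || return 2
    [ "$a" -gt "$b" ]
}

HDR=' pkts bytes target     prot opt in     out     source      destination'
ANY='tcp  --  *      *       0.0.0.0/0   0.0.0.0/0'
NAT_BEFORE="Chain loc_dnat (1 references)
$HDR
   12   720 REDIRECT   $ANY   tcp dpt:80 redir ports 3128"
NAT_AFTER="Chain loc_dnat (1 references)
$HDR
   15   900 REDIRECT   $ANY   tcp dpt:80 redir ports 3128"
FW_BEFORE="Chain loc2fw (1 references)
$HDR
    0     0 ACCEPT     $ANY   tcp dpt:3128"
FW_AFTER=$FW_BEFORE

counter_moved "$NAT_BEFORE" "$NAT_AFTER" REDIRECT dpt:80 \
    && echo "loc_dnat: REDIRECT counter rose"
counter_moved "$FW_BEFORE" "$FW_AFTER" ACCEPT dpt:3128 \
    || echo "loc2fw: ACCEPT counter did not rise"
```

On a live firewall the snapshots would come from the `shorewall show` commands named in the reply, captured before and after loading a page from a LAN client. Once a counter is abbreviated with K, M or G, small increments no longer show up in the listing.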