thr3ads.net - Shorewall users - [Shorewall-users] transparent proxy running in the local network [Dec 2003]

If this information is useful, please help other people find it:
Share via:

MIkE

2003-Dec-03 05:57 UTC

[Shorewall-users] transparent proxy running in the local network

got it running, really easy !!!


I am running shorewall 1.2.12 on a debian stable !
and have a squid as transparent proxy on another machine (debian
testing)


tried to get this work the hole day:
I found this iptables:
------
iptables -t nat -A PREROUTING -i eth0 -s ! $squid_box -p tcp
--dport 80 -j DNAT --to $squid_box:3128                               

iptables -t nat -A POSTROUTING -o eth0 -s $local_network -d $squid_box
-j SNAT --to $iptables_box                                            

iptables -A FORWARD -s $local_network -d $squid_box -i eth0 -o eth0 -p
tcp --dport 3128 -j ACCEPT
------
thats not the best, but it''s easy !


so I tried to to that under shorewall:
192.168.66.100:3128 is my squid proxy
192.168.66.1 is my ''iptables-server''
192.168.66.255 is my local network

rules:
ACCEPT local:!192.168.66.100 local:192.168.66.100:3128 tcp www - all

masq:
eth0      192.168.66.0/24!192.168.66.100

and there is a "local2local" user-chain made, but not(!) used by
shorewall, so I did:
iptables -I FORWARD 1 -i eth0 -o eth0 -j local2local

and that''s it !!!!



so now I am realy intrested to know, what you guys think about it??
because I don''t like the explenation from the shorewall-HP with
iproute2, and I thougt this way also should stand there ....


mike
-- 
a woman can fake an orgasm,
but it takes a man
to fake an entire relationship

:-)

Possibly Parallel Threads

Search for more maybe matching threads

Shorewall users - Dec 2003 - transparent proxy running in the local network

[Shorewall-users] transparent proxy running in the local network

Possibly Parallel Threads

Wisdom of the Ancients