MIkE
2003-Dec-03 05:57 UTC
[Shorewall-users] transparent proxy running in the local network
got it running, really easy !!!

I am running shorewall 1.2.12 on a debian stable ! and have a squid as
transparent proxy on another machine (debian testing). tried to get this
to work the whole day: I found this iptables:

------
iptables -t nat -A PREROUTING -i eth0 -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:3128
iptables -t nat -A POSTROUTING -o eth0 -s $local_network -d $squid_box -j SNAT --to $iptables_box
iptables -A FORWARD -s $local_network -d $squid_box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
------

that's not the best, but it's easy ! so I tried to do that under shorewall:

192.168.66.100:3128 is my squid proxy
192.168.66.1 is my 'iptables-server'
192.168.66.255 is my local network

rules:
ACCEPT local:!192.168.66.100 local:192.168.66.100:3128 tcp www - all

masq:
eth0 192.168.66.0/24!192.168.66.100

and there is a "local2local" user-chain made, but not(!) used by shorewall, so I did:

iptables -I FORWARD 1 -i eth0 -o eth0 -j local2local

and that's it !!!! so now I am really interested to know what you guys think about it?? because I don't like the explanation from the shorewall-HP with iproute2, and I thought this way also should stand there ....

mike

--
a woman can fake an orgasm, but it takes a man to fake an entire relationship :-)
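The three iptables rules in the post above rely on a detail that is easy to miss when the proxy sits on the same LAN segment as the clients: without the POSTROUTING SNAT, Squid would answer the client directly (it is one hop away), the client would see a reply from 192.168.66.100:3128 instead of from the web server on port 80, and the connection would fail. The following model is an added example, not code from the post or from Shorewall. It reuses the post's addresses (gateway 192.168.66.1, Squid 192.168.66.100:3128, LAN 192.168.66.0/24) and walks one TCP connection through PREROUTING, FORWARD and POSTROUTING with and without the SNAT rule; the client address 192.168.66.50 and the web server 198.51.100.10 are constructed sample values.

```python
"""Model of hairpin NAT for a transparent proxy on the same LAN (added example).

Addresses follow the mailing-list post; the client and web-server addresses
below are constructed for illustration and are not from the post.
"""
from dataclasses import dataclass, replace
import ipaddress

GATEWAY = "192.168.66.1"        # the iptables/Shorewall box
SQUID = "192.168.66.100"        # the transparent proxy
SQUID_PORT = 3128
LAN = ipaddress.ip_network("192.168.66.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def in_lan(addr: str) -> bool:
    return ipaddress.ip_address(addr) in LAN


def prerouting_dnat(pkt: Packet) -> Packet:
    # iptables -t nat -A PREROUTING -i eth0 -s ! $squid_box -p tcp --dport 80 \
    #     -j DNAT --to $squid_box:3128
    # Squid's own outbound fetches must be excluded or they would loop back to Squid.
    if pkt.src != SQUID and pkt.dport == 80 and in_lan(pkt.src):
        return replace(pkt, dst=SQUID, dport=SQUID_PORT)
    return pkt


def forward_accepts(pkt: Packet) -> bool:
    # iptables -A FORWARD -s $local_network -d $squid_box -i eth0 -o eth0 \
    #     -p tcp --dport 3128 -j ACCEPT
    # FORWARD sees the packet after PREROUTING, i.e. already rewritten to squid:3128.
    return in_lan(pkt.src) and pkt.dst == SQUID and pkt.dport == SQUID_PORT


def postrouting_snat(pkt: Packet, enabled: bool = True) -> Packet:
    # iptables -t nat -A POSTROUTING -o eth0 -s $local_network -d $squid_box \
    #     -j SNAT --to $iptables_box
    if enabled and in_lan(pkt.src) and pkt.dst == SQUID:
        return replace(pkt, src=GATEWAY)
    return pkt


def squid_reply(delivered: Packet) -> Packet:
    """Squid answers whatever address it saw as the sender, swapping src and dst."""
    return Packet(src=delivered.dst, sport=delivered.dport,
                  dst=delivered.src, dport=delivered.sport)


def gateway_unnat(reply: Packet, original: Packet, delivered: Packet):
    """Conntrack on the gateway reverses both NATs for a reply it recognises."""
    if reply.dst == delivered.src and reply.src == delivered.dst:
        return Packet(src=original.dst, sport=original.dport,
                      dst=original.src, dport=original.sport)
    return None


def trace_connection(client: str, server: str, snat: bool = True) -> dict:
    """Follow one client SYN to Squid and the reply back; report whether the
    client receives a packet from the endpoint it actually connected to."""
    original = Packet(client, 40000, server, 80)
    after_dnat = prerouting_dnat(original)
    if not forward_accepts(after_dnat):
        return {"delivered_to_squid": None, "seen_by_client": None, "symmetric": False}
    delivered = postrouting_snat(after_dnat, snat)
    reply = squid_reply(delivered)
    if reply.dst == GATEWAY:
        seen_by_client = gateway_unnat(reply, original, delivered)
    else:
        # No SNAT: Squid is on the same LAN, so its reply goes straight to the
        # client and never passes the gateway's conntrack table.
        seen_by_client = reply
    expected = Packet(server, 80, client, 40000)
    return {"delivered_to_squid": delivered,
            "seen_by_client": seen_by_client,
            "symmetric": seen_by_client == expected}


if __name__ == "__main__":
    for snat in (True, False):
        result = trace_connection("192.168.66.50", "198.51.100.10", snat=snat)
        print(f"SNAT {'on ' if snat else 'off'}: client sees {result['seen_by_client']} "
              f"-> {'works' if result['symmetric'] else 'broken'}")
```

With SNAT enabled the proxy sees the gateway as the peer, so its reply passes back through the gateway and is rewritten to look like it came from the web server; with SNAT disabled the client receives a packet from 192.168.66.100:3128 that matches no connection it opened. The same asymmetry is what the iproute2-based approach on the Shorewall site avoids by other means.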