I am trying to help a school run dansguardian transparent. I added the
following to shorewalls rules, and from a tail of messages it seemed to be
working, but he called saying no one had Internet. What should the rule be
if this does not redirect port 80 to 8080?
REDIRECT loc 8080 tcp www -
!10.192.0.2 (web on dmz)
ACCEPT fw net tcp www
Raymond
.Appeasement is feeding a crocodile in hopes of being eaten last
--- Winston Churchill
Raymond Norton wrote:> I am trying to help a school run dansguardian transparent. I added the > following to shorewalls rules, and from a tail of messages it seemed to be > working, but he called saying no one had Internet. What should the rule be > if this does not redirect port 80 to 8080? > > > REDIRECT loc 8080 tcp www - > !10.192.0.2 (web on dmz) > ACCEPT fw net tcp www >Those are the correct rules -- not all connectivity problems are Shorewall rule problems. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:> Raymond Norton wrote: > >> I am trying to help a school run dansguardian transparent. I added the >> following to shorewalls rules, and from a tail of messages it seemed >> to be >> working, but he called saying no one had Internet. What should the >> rule be >> if this does not redirect port 80 to 8080? >> >> >> REDIRECT loc 8080 tcp www - >> !10.192.0.2 (web on dmz) >> ACCEPT fw net tcp www >> > > Those are the correct rules -- not all connectivity problems are > Shorewall rule problems. >For example: a) Is the proxy listening on port 8080 or is it listening on the default port of 3128? b) Is the proxy properly configured for transparent operation? c) Is DNS name resolution working properly from the firewall? ... -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net