Hi, I am trying to redirect my subnet thru squid and it seems to be working. However I decided tu exclude two hosts from the redirect (ie acces the net directly) and can''t manage to achieve that. I am using the following rule: REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 tcp 80 - With this rule everything gets redirected thru squid. I also tried: REDIRECT loc:!192.168.13.48,192.168.13.200 3128 tcp 80 - This way, the 48 host does not get redirected but the 200 does. Any suggestion ? I am using shorewall 2.2.1 Thnak you, --- Ligiu Uiorean System Engineer Lasselsberger Ceramics Division Romania ligiu.uiorean@ro.lasselsberger.com tel. +40-740-116.117
How about putting ACCEPT loc:192.168.13.48 net tcp 80 ACCEPT loc:192.168.13.200 net tcp 80 before the REDIRECT rule? Zviratko Uiorean Ligiu A. wrote:> Hi, > > I am trying to redirect my subnet thru squid and it seems to be working. > However I decided tu exclude two hosts from the redirect (ie acces the > net directly) and can''t manage to achieve that. I am using the following > rule: > > > > REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 > tcp 80 - > > > > With this rule everything gets redirected thru squid. I also tried: > > > > REDIRECT loc:!192.168.13.48,192.168.13.200 3128 > tcp 80 - > > > > This way, the 48 host does not get redirected but the 200 does. > > > > Any suggestion ? I am using shorewall 2.2.1 > > > > > > Thnak you, > > > > --- > > Ligiu Uiorean > > System Engineer > > Lasselsberger Ceramics Division > > Romania > > ligiu.uiorean@ro.lasselsberger.com > > tel. +40-740-116.117 > > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm
Uiorean Ligiu A. a écrit :> Hi, > > I am trying to redirect my subnet thru squid and it seems to be working. > However I decided tu exclude two hosts from the redirect (ie acces the > net directly) and can''t manage to achieve that. I am using the following > rule: > > > > REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 > tcp 80 - > > > > With this rule everything gets redirected thru squid. I also tried: > > > > REDIRECT loc:!192.168.13.48,192.168.13.200 3128 > tcp 80 - >try like this REDIRECT loc 3128 tcp 80 - !192.168.13.48,192.168.13.200 -- Alexandre ARNOUD MIRANE SAS 16, rue du 8 mai 1945 33150 CENON Email : aarnoud@mirane.com Tél : 05 57 77 12 15 Fax : 05 57 77 34 90 http://www.mirane.com
The accept rules are there. --- Ligiu Uiorean System Engineer Lasselsberger Ceramics Division Romania ligiu.uiorean@ro.lasselsberger.com tel. +40-740-116.117 -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Jan Schermer Sent: Tuesday, February 22, 2005 12:48 PM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] selective redirect How about putting ACCEPT loc:192.168.13.48 net tcp 80 ACCEPT loc:192.168.13.200 net tcp 80 before the REDIRECT rule? Zviratko Uiorean Ligiu A. wrote:> Hi, > > I am trying to redirect my subnet thru squid and it seems to beworking.> However I decided tu exclude two hosts from the redirect (ie acces the > net directly) and can''t manage to achieve that. I am using thefollowing> rule: > > > > REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 > tcp 80 - > > > > With this rule everything gets redirected thru squid. I also tried: > > > > REDIRECT loc:!192.168.13.48,192.168.13.200 3128 > tcp 80 - > > > > This way, the 48 host does not get redirected but the 200 does. > > > > Any suggestion ? I am using shorewall 2.2.1 > > > > > > Thnak you, > > > > --- > > Ligiu Uiorean > > System Engineer > > Lasselsberger Ceramics Division > > Romania > > ligiu.uiorean@ro.lasselsberger.com > > tel. +40-740-116.117 > > > > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe:https://lists.shorewall.net/mailman/listinfo/shorewall-users> Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm
I don''t think that will work, that column is for excluding destinations. --- Ligiu Uiorean System Engineer Lasselsberger Ceramics Division Romania ligiu.uiorean@ro.lasselsberger.com tel. +40-740-116.117 -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Alexandre ARNOUD Sent: Tuesday, February 22, 2005 12:53 PM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] selective redirect Uiorean Ligiu A. a écrit :> Hi, > > I am trying to redirect my subnet thru squid and it seems to be working. > However I decided tu exclude two hosts from the redirect (ie acces the > net directly) and can''t manage to achieve that. I am using the following > rule: > > > > REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 > tcp 80 - > > > > With this rule everything gets redirected thru squid. I also tried: > > > > REDIRECT loc:!192.168.13.48,192.168.13.200 3128 > tcp 80 - >try like this REDIRECT loc 3128 tcp 80 - !192.168.13.48,192.168.13.200 -- Alexandre ARNOUD MIRANE SAS 16, rue du 8 mai 1945 33150 CENON Email : aarnoud@mirane.com Tél : 05 57 77 12 15 Fax : 05 57 77 34 90 http://www.mirane.com _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
I''ve got it it has to be "ACCEPT+", not just "ACCEPT" citing from comments: ACCEPT+ -- like ACCEPT but also excludes the connection from any subsequent DNAT[-] or REDIRECT[-] rules Should be what you want Jan Uiorean Ligiu A. wrote:> I don''t think that will work, that column is for excluding destinations. > > --- > Ligiu Uiorean > System Engineer > Lasselsberger Ceramics Division > Romania > ligiu.uiorean@ro.lasselsberger.com > tel. +40-740-116.117 > > -----Original Message----- > From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Alexandre ARNOUD > Sent: Tuesday, February 22, 2005 12:53 PM > To: Mailing List for Shorewall Users > Subject: Re: [Shorewall-users] selective redirect > > Uiorean Ligiu A. a écrit : > >>Hi, >> >>I am trying to redirect my subnet thru squid and it seems to be working. >>However I decided tu exclude two hosts from the redirect (ie acces the >>net directly) and can''t manage to achieve that. I am using the following >>rule: >> >> >> >>REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 >>tcp 80 - >> >> >> >>With this rule everything gets redirected thru squid. I also tried: >> >> >> >>REDIRECT loc:!192.168.13.48,192.168.13.200 3128 >>tcp 80 - >> > > > try like this > > REDIRECT loc 3128 tcp 80 > - !192.168.13.48,192.168.13.200 >
It works, thank you! --- Ligiu Uiorean System Engineer Lasselsberger Ceramics Division Romania ligiu.uiorean@ro.lasselsberger.com tel. +40-740-116.117 -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Jan Schermer Sent: Tuesday, February 22, 2005 3:11 PM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] selective redirect I''ve got it it has to be "ACCEPT+", not just "ACCEPT" citing from comments: ACCEPT+ -- like ACCEPT but also excludes the connection from any subsequent DNAT[-] or REDIRECT[-] rules Should be what you want Jan Uiorean Ligiu A. wrote:> I don''t think that will work, that column is for excluding destinations. > > --- > Ligiu Uiorean > System Engineer > Lasselsberger Ceramics Division > Romania > ligiu.uiorean@ro.lasselsberger.com > tel. +40-740-116.117 > > -----Original Message----- > From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Alexandre ARNOUD > Sent: Tuesday, February 22, 2005 12:53 PM > To: Mailing List for Shorewall Users > Subject: Re: [Shorewall-users] selective redirect > > Uiorean Ligiu A. a écrit : > >>Hi, >> >>I am trying to redirect my subnet thru squid and it seems to be working. >>However I decided tu exclude two hosts from the redirect (ie acces the >>net directly) and can''t manage to achieve that. I am using the following >>rule: >> >> >> >>REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 >>tcp 80 - >> >> >> >>With this rule everything gets redirected thru squid. I also tried: >> >> >> >>REDIRECT loc:!192.168.13.48,192.168.13.200 3128 >>tcp 80 - >> > > > try like this > > REDIRECT loc 3128 tcp 80 > - !192.168.13.48,192.168.13.200 >