Hi all! I know this is a really frequently asked questions and there is exhaustive documentation on this on http://www.shorewall.net/Shorewall_Squid_Usage.html. But still I cannot get it to work. I just set up squid on a box in the dmz. If I configure the browsers in the local zone to use the proxy squid works as expected. But the DNAT rules mentioned in the docs doesn''t seem to work. I use: DNAT loc dmz0:x.y.z.154:3128 tcp 80 ACCEPT loc dmz0:x.y.z.154 tcp 3128 Thanks for any hint, Christian -- you don''t need eyes to see you need visions. ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache''s Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
Christian Lox wrote:> Hi all! > > I know this is a really frequently asked questions and there is > exhaustive documentation on this on > http://www.shorewall.net/Shorewall_Squid_Usage.html. > > But still I cannot get it to work. > I just set up squid on a box in the dmz. > If I configure the browsers in the local zone to use the proxy squid > works as expected. > But the DNAT rules mentioned in the docs doesn''t seem to work. > I use: > DNAT loc dmz0:x.y.z.154:3128 tcp 80 > ACCEPT loc dmz0:x.y.z.154 tcp 3128Once again, this usually means that you have failed to configure Squid properly for transparent operation. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> > Once again, this usually means that you have failed to configure Squid > properly for transparent operation. >Or, it might mean that you have DETECT_DNAT_IPADDRS=Yes. Once again, there are instructions at http://www.shorewall.net/support.htm for submitting a proper Shorewall problem report -- if those instructions aren''t followed then we get to guess what your configuration looks like. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
mostly, it would be Squid misconfiguration. It is better for you to provide us the squid config file. On 9/17/05, Tom Eastep <teastep@shorewall.net> wrote:> Tom Eastep wrote: > > > > > Once again, this usually means that you have failed to configure Squid > > properly for transparent operation. > > > > Or, it might mean that you have DETECT_DNAT_IPADDRS=Yes. Once again, > there are instructions at http://www.shorewall.net/support.htm for > submitting a proper Shorewall problem report -- if those instructions > aren''t followed then we get to guess what your configuration looks like. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > >-- Regards, Wong Chee Chun Network Engineer Softmy Co. Ltd (http://www.softmy.com) ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache''s Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php