Hello I''m using this rule for transparent proxy: # Transparent Proxy REDIRECT loc 3128 tcp www - ACCEPT fw net tcp www I want to some destinations to don''t use the proxy. How can I change the rule? Thanks Wilson ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl
On Thursday 20 October 2005 11:48, Wilson A. Galafassi Jr. wrote:> Hello > > I''m using this rule for transparent proxy: > > # Transparent Proxy > REDIRECT loc 3128 tcp www - > ACCEPT fw net tcp www > > I want to some destinations to don''t use the proxy. > > How can I change the rule? >REDIRECT loc 3128 tcp www - !<list of addresses> This is covered in the Shorewall Squid documentation (http://www.shorewall.net/Shorewall_Squid_Usage.html). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Thanks Tom. But In my case I have dansguardian and squid running on shorewall box. Squid listen in 127.0.0.1 8080 and dansguardian redirect incoming traffic (3128) to squid. I have created the rule but don''t work for me. This is my new rule: REDIRECT loc 8080 tcp www - !200.201.xxx.xxx ACCEPT fw net tcp www Thanks Wilson -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Tom Eastep Sent: quinta-feira, 20 de outubro de 2005 16:55 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] rule question On Thursday 20 October 2005 11:48, Wilson A. Galafassi Jr. wrote:> Hello > > I''m using this rule for transparent proxy: > > # Transparent Proxy > REDIRECT loc 3128 tcp www - > ACCEPT fw net tcp www > > I want to some destinations to don''t use the proxy. > > How can I change the rule? >REDIRECT loc 3128 tcp www - !<list of addresses> This is covered in the Shorewall Squid documentation (http://www.shorewall.net/Shorewall_Squid_Usage.html). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl
Wilson A. Galafassi Jr. escribió:> Thanks Tom. > > But In my case I have dansguardian and squid running on shorewall box. > > Squid listen in 127.0.0.1 8080 and dansguardian redirect incoming traffic > (3128) to squid. > > I have created the rule but don''t work for me. > This is my new rule: > REDIRECT loc 8080 tcp www - > !200.201.xxx.xxx > ACCEPT fw net tcp wwwwhat '' s your loc net policy ? BTW.. this topic is covered in the documentation... -- Cristian Rodriguez R. perl -e ''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;''
My policy is to accept. I have readed the documentation. But I can''t solve my problem. Sorry Wilson -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Cristian Rodriguez Sent: quinta-feira, 20 de outubro de 2005 17:14 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] rule question Wilson A. Galafassi Jr. escribió:> Thanks Tom. > > But In my case I have dansguardian and squid running on shorewall box. > > Squid listen in 127.0.0.1 8080 and dansguardian redirect incoming traffic > (3128) to squid. > > I have created the rule but don''t work for me. > This is my new rule: > REDIRECT loc 8080 tcp www - > !200.201.xxx.xxx > ACCEPT fw net tcp wwwwhat '' s your loc net policy ? BTW.. this topic is covered in the documentation... -- Cristian Rodriguez R. perl -e ''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;'' ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl
If I comment the rule for transparent proxy the works fine. The xxx.xxx.xxx.xxx host is a host for a governamental program and don''t work with proxy. Thanks Wilson -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Cristian Rodriguez Sent: quinta-feira, 20 de outubro de 2005 17:14 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] rule question Wilson A. Galafassi Jr. escribió:> Thanks Tom. > > But In my case I have dansguardian and squid running on shorewall box. > > Squid listen in 127.0.0.1 8080 and dansguardian redirect incoming traffic > (3128) to squid. > > I have created the rule but don''t work for me. > This is my new rule: > REDIRECT loc 8080 tcp www - > !200.201.xxx.xxx > ACCEPT fw net tcp wwwwhat '' s your loc net policy ? BTW.. this topic is covered in the documentation... -- Cristian Rodriguez R. perl -e ''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;'' ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl
Problem solved. The documentation of the governamental program don''t mentione other ip to don''t use proxy. Thanks Wilson -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Wilson A. Galafassi Jr. Sent: quinta-feira, 20 de outubro de 2005 17:19 To: shorewall-users@lists.sourceforge.net Subject: RE: [Shorewall-users] rule question If I comment the rule for transparent proxy the works fine. The xxx.xxx.xxx.xxx host is a host for a governamental program and don''t work with proxy. Thanks Wilson -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Cristian Rodriguez Sent: quinta-feira, 20 de outubro de 2005 17:14 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] rule question Wilson A. Galafassi Jr. escribió:> Thanks Tom. > > But In my case I have dansguardian and squid running on shorewall box. > > Squid listen in 127.0.0.1 8080 and dansguardian redirect incoming traffic > (3128) to squid. > > I have created the rule but don''t work for me. > This is my new rule: > REDIRECT loc 8080 tcp www - > !200.201.xxx.xxx > ACCEPT fw net tcp wwwwhat '' s your loc net policy ? BTW.. this topic is covered in the documentation... -- Cristian Rodriguez R. perl -e ''$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;'' ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl