Shorewall users - Mar 2009 - Confirmation of Rules

Hi

I wan''t a small configuration:

    * I have a linux gateway with shorewall and Squid.

    * I use three zones:
          lan
          net
          fw

    * On the linux gateway, i have a Squid running on port 80

    * Actually, user put the proxy: IP LAN of the linux Gateway with port 80
    If the user don''t put the proxy, this is a direct connexion.

I wan''t create a rule for all port 80 access from zone Lan to port 80 
zone Net
are rediect to FW port 80 (squid)

i add this in rules ? :

REDIRECT        lan     80    tcp     www     -       !192.168.50.254

(192.168.50.254 are the linux gateway)

thanks
J.





------------------------------------------------------------------------------

Phibee Network Operation Center wrote:
> Hi
> 
> I wan''t a small configuration:
> 
>     * I have a linux gateway with shorewall and Squid.
> 
>     * I use three zones:
>           lan
>           net
>           fw
> 
>     * On the linux gateway, i have a Squid running on port 80
> 
>     * Actually, user put the proxy: IP LAN of the linux Gateway with port
80
>     If the user don''t put the proxy, this is a direct connexion.
> 
> I wan''t create a rule for all port 80 access from zone Lan to port
80
> zone Net
> are rediect to FW port 80 (squid)
> 
> i add this in rules ? :
> 
> REDIRECT        lan     80    tcp     www     -       !192.168.50.254
> 
Squid is usually configured to listen on port 3128, not 80. But if you
have configured yours to listen on 80, that is the correct redirect
rule. See http://www.shorewall.net/Shorewall_Squid_Usage.html

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------