I''m trying to get TPROXY / Squid running and I have a few questions... I found this page: http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY However, it doesn''t explain what I''m seeing in the configuration. For the zone file, do I keep my loc and net configurations and just add the following to the file? - lo - - or do I remove the loc and net zones and replace it with the above line? When I try to use the following line in providers: Tproxy 1 1 - lo - local and this line in tcrules TPROXY(1,3128) eth0 0.0.0.0/0 tcp 80 and finally these lines in rules ACCEPT loc $FW tcp SP (or) (ACCEPT lo $FW tcp SP) ACCEPT $FW net tcp 80 I get an unknown source zone (lo). What am I looking at here? I''m assuming that this perspective is configuring the inside going out. Eth0 is loc (local) zones: fw firewall loc ipv4 net Interfaces: - lo - - loc eth0 detect routeback net eth1 Where does "lo" come into play? What is this doing? When it is said on the page that we assume Z is eth1. What is eth1? Is that the local our net interface? In my case would the "Z" in the rules section be loc or net then? I was assuming that in this page "Z" was referring to the inside (local) NIC. Also what is DEST PORT SP ? Thanks! Scott ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
On 6/15/10 11:55 AM, Johnson, S wrote:> I''m trying to get TPROXY / Squid running and I have a few questions... > > I found this page: > http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY >Please see if this modified version isn''t clearer. http://www1.shorewall.net/Shorewall_Squid_Usage.html#TPROXY -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
On 6/15/10 11:55 AM, Johnson, S wrote:> I''m trying to get TPROXY / Squid running and I have a few questions... > > I found this page: > http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY >Please see if this modified version isn''t clearer. http://www1.shorewall.net/Shorewall_Squid_Usage.html#TPROXY -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
My responses to this thread were classified as spam so probably went unread. I have updated the TPROXY documentation at http://www.shorewall.net/Shorewall_Squid_Usage.html; hopefully, it is clearer now. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
THANK YOU! -----Original Message----- From: TomEastep [mailto:teastep@shorewall.comcastbiz.net] Sent: Wednesday, June 16, 2010 11:28 AM To: Shorewall Users Subject: [Shorewall-users] TPROXY Configuration My responses to this thread were classified as spam so probably went unread. I have updated the TPROXY documentation at http://www.shorewall.net/Shorewall_Squid_Usage.html; hopefully, it is clearer now. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------ ------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------------ ThinkGeek and WIRED''s GeekDad team up for the Ultimate GeekDad Father''s Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
Maybe Matching Threads
- Proper setup for a router with 2 interfaces and a bridge on one?
- shorewall 4.4.10 failing to start; won't recognize ipset "capability"
- [Bug 1310] New: syntax issue with tproxy
- [Bug 1398] New: tproxy rule is not matched for ip6
- CentOS6, IP6tables, Routing, TPROXY (squid34 epel package)