similar to: FTP Transparent Proxy from Local To Net Through DMZ

Goodday, First my network layout: dsl router (10.0.0.99) | server (eth0 10.0.0.1, eth1 10.0.1.10) | 3 times windows machine (10.0.1.2, 10.0.1.3, 10.0.1.4) (all with proxy settings 10.0.1.10:8080) Now on the server is mandrake 10 installed with shorewall as firewall. And a apache webserver (and no ftp server). When i turned internet sharing on it started squid which added a line in the

Hi, Is it possible to transparent proxy FTP through Squid? If so what rules would i need to add to the rules file so that any ftp request is forwarding through Squid? I have www traffic being Tranparantly proxied. Herwith my www rules: REDIRECT loc 3128 tcp 80 ACCEPT loc fw::3128 tcp www - all ACCEPT fw

Hi, I want forward port 21 and 443 to my squid. A simply rule (dnat) didnt help me. My http - port (only 80) will forwarded to my squid. It runs fine. Here I have used the HowTo from Tom and the hints from http://lartc.org/. I want to do the same with port 21 as port 80. My network: Shorewall: eth0 net (192.168.108.1) eth1 dmz (192.168.109.1) eth2 loc (192.168.110.1) eth3 loc1

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

Hi, I followed the instructions posted on the shorewall web page for transparent proxy, but I still cannot get it to work. I have almost the same setup as described on the web, running squid on dmz, eth1, and the loc on eth2. I can see that packets going out from the fw, they are not sent to the squid proxy, and if I try to telnet to the squid proxy to port 80, where I should be directed to

Hi, I followed the instructions in the section "Squid (transparent) Running on the Firewall" on http://www.shorewall.net/Shorewall_Squid_Usage.html to setup Squid transparently on a Linux gateway. My net is as follows: loc subnet --- fw Linux Gateway --- ADSL router 192.168.1.0/24 192.168.1.92 (eth1) WAN.WAN.WAN.2 (gw = WAN.WAN.WAN.WAN (eth0) 192.168.1.92) (gw =

Is this possible using shorewall ? here is the setup that I need: many client computers C1 to C30 connect to the internet using ONE gateway computer server running shorewall proxy S1 client C1 connects to local LAN /shorewall proxy S1 and authenticates using username U1 S1 connects to SSH server external server ES1 authenticates using username EU1. client C1 can transfer files, upload and

Hi! I want to redirect all http and https traffic from my LAN to squid in DMZ - transparent proxy. How do I do that? Regards, Sasa

i have squid running on DMZ zone and my network using ProxyARP on eth1 and eth2 mylinuxbox slackware 9.2 my network can access to internet normal, but can''t redirect to squid server from firewall. sometimes my network can connect to squid and sometimes bypass this squid server. i dont know what going on. now.. my network bypass redirect to squid server. my config file follow document

Hi, I have a network with 4 NIC, one external, DMZ, and two internal, B & C. It has been setup correctlly and working now. The problem I have now, is any client workstation running on network B, MSWindows 2K / XP / NT cannot connect to the primary domain controller which is in network C. The clients cannot even see the network domain in the explorere window. I believe the problem is

Hello Shorewall gurus, as outlined on the shorewall site I have done the following after failure to install shorewall via the rpm: I have read all of the FAQ. I have read the quickstart guide with particular attention directed at the Mandrake solution. I have searched the mailing list archives (all old replies). I have studied the documentation index. I have previous experience using shorewall

Hi All, Just joined the list to try and solve a problem. To show that I''ve read the rules I''ll start with the requested info os linux kernel-2.4.27 with latest netfilter pom for gre and pptp conntrack etc iptables is 1.3.0 - downloaded and compiled with the pom stuff and the 2.4.27 kernel shorewall version shorewall-2.2.1-2 from rpm ip addr show [root@squid3 root]# ip addr

Problem: "Firewall" machine cannot get DNS but is allowing DNS through internally. Something changed with the configuration but we''re not sure what. Here is the pertinent info: Shorewall Status Entries Oct 5 09:24:50 all2all:REJECT:IN= OUT=eth2 SRC=192.168.7.55 DST=65.175.131.201 LEN=55 TOS=0x00 PREC=0x00 TTL=64 ID=50982 DF PROTO=UDP SPT=32973 DPT=53 LEN=35 Oct 5

There has been a low continuing level of confusion over the terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all instances of "Static NAT" have been replaced with "One-to-one NAT" on the web site and in the CVS configuration files (Shorewall/ project). The documentation in 1.4.9 will also contain this change. -Tom -- Tom Eastep \

Hi! This is another thread of "setting gateway in interfaces file" and while i dont want to create any confusion here, i have decided to open a new thread.(which mean Diamond King no longer a subscriber to shorewall-users) Actually, i turned out not to be the MARK issues. Something is missing and i got this error instead :- Setting up Accounting... Creating Interface Chains...

The second Beta is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Function from 1.3 that has been omitted from this version includes: 1) The ''check'' command is no longer supported. 2) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.

Dear newfound friends, please be patient. For me reading and writing in English is more painful than dissecting IP traces :) I have tried reading through the FAQ but could not quite understand: I would like the logs to be terser. I think I can live without MAC, LEN, TOS, PREC, TTL, ID fields normally (maybe need them only in special situations). Could not understand if/how I can achieve this.

I''m re-reading the section on dns names in the shorewall docs: "I personally recommend strongly against using DNS names in Shorewall configuration files. If you use DNS names and you are called out of bed at 2:00AM because Shorewall won''t start as a result of DNS problems then don''t say that you were not forewarned." Having been stung by this a few times

At Tom Eastep''s request, an informal Shorewall Documentation Support = Group (DSG) is hoping to relieve some of the writing and editing burdens = that come with maintaining and improving the Shorewall documentation. = The DSG welcomes and needs your suggestions and contributions about all = aspects of the documentation, including structure, content, references, = style, grammar --

Hi to everybody, I write because I have just configure a shorewall to be used as firewall, proxy(with squid) and gateway to 2 internet connections, and it looks to work properly but now I''d like to add a new feature: I would to redirect some specific traffic (emule''s one) only to one of those links. This is my diagram: