similar to: Transparent Squid in DMZ

I recently setup shorewall on my freshly rebuilt router box. I setup transparent proxying using transproxy/dansguardian/privoxy/squid. My current rules for the redirect are: REDIRECT loc 81 tcp www - !192.168.100.0/24 ACCEPT fw net tcp www How do I set this so that all the request are redirected except for requests FROM a certain machine (192.168.100.11)? I

Hi, I''ve a big problem. Everytime if I used "shorewall" with option status the Server hangs up completly. The way to solve the problem: switch off the computer. Nothing is makeable. The server is in a productiv enviroment and so I can''t test it all the days. Is here anyone who knows this problem ! Mit freundlichen Grüssen Michael Menkhoff ========================

What speaks for it and which speaks against it that Firewall and squid run on the same machine? Regards Menki ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more

Hi, I''ve a little problem, I hope so.. First a hint, I haven''t a static IP - Adress and so I used a dyndns Provider. In DMZ runs a sftp server. It should accessible from net. My router is forwarding the traffic from port 22 to the machine in DMZ. Now, in basic installation I have rfc1918-dropping configured by net interface. My problem: If rfc1918 dropping is on I

Ok. That''s probably really confusing. :) Here''s what I''d like to do. If it''s something that''s overly difficult or just plain stupid, let me know. :) I''m on cable with a dynamic IP. I have a domain forwarding account pointing to me. That is techiem2.no-ip.com. The firewall is 192.168.100.1. My web server is on port 444 on machine

I''m trying to get Shorewall to use ulogd for logging, but I''m not seeing any logging in either the file I set up for logs, nor in /var/log/messages (where the logs used to be). I''m running a stock Debian 3.0 woody system, with a custom 2.4.21 kernel. I used all the settings as described on shorewall.net when configuring the kernel. ulogd (0.97-1) and shorewall

I''m trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn''t like that (it just failed to start). I tried adding the rules via

Hi, here my system on shorewall: eth0 192.168.108.1 net eth1 192.168.109.1 dmz eth2 192.168.110.1 loc_110 eth3 192.168.111.1 loc I haven''t access from or to server in loc_110 through shorewall. I can use ssh or other types from loc to dmz or from loc to fw, but I can''t use connections to loc_110. I can also use ssh - connection from fw to loc_110 or redirectly. Where is the

Hi, could you tell me the correctly syntax to lists any ip adresses. For example: EXT1=192.168.111.239 192.168.215.40 and so on. Must there be a ";" or a blank ? Regards Michael Menkhoff Vote for Kerry

i ask here after give up reading and following all the documentation.. i got 3 nic eth0:222.222.222.222 netmask:255.255.255.252 gateway:222.222.222.221 eth1:10.10.10.254 netmask:255.255.255.0 gateway:blank eth2:10.10.11.254 netmask:255.255.255.0 gateway: blank i''m running redhat9, and shorewall2.2.2 eth0 connected to dsl modem ( static ip ) eth1 connected to d-link router ( for

Hi, in my network are two locally subnets. Now I want to print from one subnet (loc_110) to the other subnet (loc) where a printer server (192.168.111.5) is working. My printer server is from the d-link company. First in "/var/log/messages" was an entry that there was dropped traffic from source 192.168.110.x port 721 to 192.168.111.5 port 515. Ok, now I''ve created a rule,

I had to restart one of my routers tonight and since then shorewall on it has been dropping SIP packets coming in from one machine instead of forwarding them to the freebpx server. Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network external ip> DST=<server network external ip> LEN=575 TOS=0x00 PREC=0x20 TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060

I''m working on setting up a new router/server/etc. box. I''m using Proxmox as the base system (Debian Lenny basically). I''m trying to figure out the right way to configure Shorewall on it. I''ve looked at some of the bridging info but they seem to all be talking about single-interface setups. Could someone look over my setup and give me some input into the

I''ve been having all sorts of problems the last few days with my connection slowing down and then stopping working. Rebooting the router box always fixes it for a while. When I couldn''t hit any pages this morning, and couldn''t even ssh into the router, I dug around a little. When I did a dmesg on the router, there were a bunch of errors saying: ip_conntrack: table full,

Hai, You can very easy upgrade to 3.5.12 on Jessie. Add sid to your sources.list, or better in : /etc/apt/sources.list.d/debian-sid.list Only the deb-src line is needed. Now apt-get update # install dependecies. apt-get build-dep squid # get and build source. apt-get source squid -b if you missing something, get that package first, build it, install it and do above again. !! thing to

Hai, The folder test-suite/buildtests/ Is an not exiting folder in current 4.11 tar.gz Can you verify that? I thinks thats also from 5.x Greetz, Louis > -----Oorspronkelijk bericht----- > Van: squid-users > [mailto:squid-users-bounces at lists.squid-cache.org] Namens > Amos Jeffries > Verzonden: donderdag 23 april 2020 14:28 > Aan: squid-users at

> you are better off building the more up to date 3.5 version available > from Stretch/Testing repository. I disagree with this one, use SID and not testing, testing has a longer delay in security updates and coms after unstable. See : https://www.debian.org/security/faq Greetz, Louis > -----Oorspronkelijk bericht----- > Van: squid-users [mailto:squid-users-bounces at

Hi list... I work for a school in the netherlands with a 2mbit Internet uplink and about 3800 eager student who want to play games on the Internet using one of our 800 workstations. Problem was that those game playing students are concentrated in 2 of our 6 physical locations... and they consumed the bandwidth which the other location would like to use for educational purposes. The thing we did

Its in here : ( from your squid.conf ) "/etc/squid/listas/ad_block.lst" http_access deny ads #deny_info TCP_RESET ads affiliates.digitalriver.com it is in the ads list. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] Namens > erdosain9 > Verzonden: vrijdag 9 september 2016 15:55 > Aan:

Hi List, I want to bind an ip address to a username with squid by using squid password file. I am using ncsa_auth programme. Below are line that I have added to squid.conf file. auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic