[Shorewall-newbies] REDIRECT rule

Sakthivel Subramanian sakthi at altair.com
Fri Feb 20 13:35:31 PST 2004


Thanks Tom,

That works fine. I also cannot believe that I missed the note at the top of the
rules file which answers my question exactly.

#       In most places where an IP address or subnet is allowed, you
#       can preceed the address/subnet with "!" (e.g., !192.168.1.0/24) to
#       indicate that the rule matches all addresses except the
#       address/subnet given. Notice that no white space is permitted
#       between "!" and the address/subnet.

Thanks

Sakthi

-----Original Message-----
From: Tom Eastep [mailto:teastep at shorewall.net] 
Sent: Friday, February 20, 2004 4:19 PM
To: sakthi at altair.com; shorewall-newbies at lists.shorewall.net
Subject: Re: [Shorewall-newbies] REDIRECT rule


On Friday 20 February 2004 12:48 pm, Sakthivel Subramanian wrote:
> Hi,
>
> I am trying to redirect WWW from LAN to the SQUID proxy running on the
> firewall box except for certain destinations. I used the following
> rule and it works fine.
>
> # Redirect WWW access to proxy
> REDIRECT        loc     8080      tcp   www      -      !10.10.9.1
>
> But I don't want to redirect if the www request is destined for three
> subnets on the eth0 interface (192.168.1.0/24, 192.168.2.0/24,
> 192.168.3.0/24). These three subnets are defined as three zones in the
> zones file. How do I specify a subnet to exclude in the REDIRECT
> rule? I tried the following and it didn't work.
>
> # Redirect WWW access to proxy
> REDIRECT        loc     8080      tcp   www      -
> !10.10.9.1,192.168.1.2-192.168.1.254
>

REDIRECT loc 8080 tcp www - !10.10.9.1,192.168.1.0/24,192.168.2.0/24

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
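
Added example (not part of the original thread and not Shorewall code): a small Python check that models only the ORIGINAL DEST column as the quoted rules-file note describes it, so a rule line can be tested against sample destinations before it is loaded. The function names and the sample addresses are hypothetical; it assumes the packet already matches the rule's source zone, protocol and port.

```python
import ipaddress

# Rule as posted in the reply above. Columns:
# ACTION SOURCE DEST(port) PROTO DPORT SPORT ORIGINAL-DEST
RULE = "REDIRECT loc 8080 tcp www - !10.10.9.1,192.168.1.0/24,192.168.2.0/24"

def parse_original_dest(field):
    """Return (negated, networks) for an ORIGINAL DEST column value."""
    if field == "-":
        return False, []
    negated = field.startswith("!")
    body = field[1:] if negated else field
    if not body:
        raise ValueError("nothing follows '!' (white space after it?)")
    # ip_network() raises ValueError on malformed entries, e.g. a missing dot.
    return negated, [ipaddress.ip_network(item) for item in body.split(",")]

def original_dest(rule):
    """Split a rules-file line and parse its ORIGINAL DEST column."""
    cols = rule.split()
    if cols[0] != "REDIRECT" or not 6 <= len(cols) <= 7:
        raise ValueError("expected a REDIRECT rule with 6 or 7 columns")
    return parse_original_dest(cols[6] if len(cols) == 7 else "-")

def is_redirected(rule, dest):
    """True if a connection originally addressed to dest hits the REDIRECT."""
    negated, nets = original_dest(rule)
    if not nets:
        return True
    hit = any(ipaddress.ip_address(dest) in n for n in nets)
    return not hit if negated else hit

def unexcluded(rule, wanted):
    """Subnets from wanted that the rule's '!' list does not cover."""
    negated, nets = original_dest(rule)
    missing = []
    for w in map(ipaddress.ip_network, wanted):
        if not (negated and any(w.subnet_of(n) for n in nets)):
            missing.append(str(w))
    return missing

if __name__ == "__main__":
    # Constructed sample destinations.
    for dest in ("203.0.113.10", "10.10.9.1", "192.168.1.50", "192.168.3.7"):
        print(dest, "-> proxy" if is_redirected(RULE, dest) else "-> direct")
    subnets = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
    print("not excluded:", unexcluded(RULE, subnets))
```

Run against the three subnets named in the question, the rule as posted covers 192.168.1.0/24 and 192.168.2.0/24; 192.168.3.0/24 would have to be appended to the list to bypass the proxy as well.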




