[Shorewall-users] transparent proxy

Tom Eastep teastep@shorewall.net
Fri, 19 Apr 2002 09:07:39 -0700 (PDT)


On Fri, 19 Apr 2002, Tom Eastep wrote:

> On Fri, 19 Apr 2002, Tom Eastep wrote:
> 
> > On 19 Apr 2002, Manuel Pompeia Santos wrote:
> > 
> > > Thanks for the quick response.
> > > But the thing is that the client isn't the local network, but the
> > > firewall itself.
> > > 
> > 
> > You can try the following:
> > 
> > ACCEPT	fw	fw::8080	tcp	80	-	all
> > 
> > I know that DNAT in the OUTPUT chain is broken in NetFilter but I'm not sure about 
> > REDIRECT. 
> > 
> 
> I've tested something similar here and it seems to work.
> 

That is to say, the REDIRECT rule works but you are going to be screwed 
trying to run Squid this way. 

Hint: How is Squid going to be able to connect to remote HTTP sites if ALL 
requests to connect to HTTP get redirected back to the firewall?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
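
Added example (not part of the original message and not Shorewall code): a small Python model of the hint above, tracing an HTTP request made on the firewall through a first-match nat OUTPUT chain. The `squid` account name, the host name and the owner-based exemption (the idea behind iptables' `-m owner ! --uid-owner`) are assumptions for illustration, not something proposed in the thread.

```python
# Model of the nat OUTPUT chain for locally generated TCP connections.
# Constructed sample data; user names and the owner exemption are assumptions.
from dataclasses import dataclass
from typing import Optional

PROXY_PORT = 8080          # Squid's listening port, as in the rule from the thread
PROXY_USER = "squid"       # assumed account that Squid runs under

@dataclass(frozen=True)
class Rule:
    dport: int                        # match: TCP destination port
    redirect_to: int                  # target: REDIRECT to this local port
    skip_owner: Optional[str] = None  # like "-m owner ! --uid-owner <user>"

def nat_output(rules, owner, dst, dport):
    """First matching rule wins; return the (host, port) actually connected to."""
    for r in rules:
        if dport == r.dport and owner != r.skip_owner:
            return ("fw", r.redirect_to)
    return (dst, dport)

def fetch(rules, owner, dst, max_hops=5):
    """Follow an HTTP request made on the firewall until it leaves the box.

    Returns the list of (owner, endpoint) hops; raises RuntimeError on a loop.
    """
    hops = []
    for _ in range(max_hops):
        endpoint = nat_output(rules, owner, dst, 80)
        hops.append((owner, endpoint))
        if endpoint != ("fw", PROXY_PORT):
            return hops                  # reached the real origin server
        owner = PROXY_USER               # Squid now makes the upstream request
    raise RuntimeError("forwarding loop: Squid keeps connecting to itself")

# Rule from the thread: every local connection to tcp/80 is redirected to 8080.
REDIRECT_ALL = [Rule(dport=80, redirect_to=PROXY_PORT)]
# Same rule, but connections owned by the proxy account are left alone.
REDIRECT_EXCEPT_PROXY = [Rule(dport=80, redirect_to=PROXY_PORT, skip_owner=PROXY_USER)]

if __name__ == "__main__":
    try:
        fetch(REDIRECT_ALL, "root", "www.example.com")
    except RuntimeError as exc:
        print("redirect all:", exc)
    print("with exemption:", fetch(REDIRECT_EXCEPT_PROXY, "root", "www.example.com"))
```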