[Shorewall-users] transparent proxy
Fri, 19 Apr 2002 09:07:39 -0700 (PDT)
On Fri, 19 Apr 2002, Tom Eastep wrote:
> On Fri, 19 Apr 2002, Tom Eastep wrote:
> > On 19 Apr 2002, Manuel Pompeia Santos wrote:
> > > Thanks for the quick response.
> > > But the thing is that the client isn't the local network, but the
> > > firewall itself.
> > >
> > You can try the following:
> > ACCEPT fw fw::8080 tcp 80 - all
> > I know that DNAT in the OUTPUT chain is broken in NetFilter but I'm not sure about
> > REDIRECT.
> I've tested something similar here and it seems to work.
That is to say, the REDIRECT rule works but you are going to be screwed
trying to run Squid this way.
Hint: How is Squid going to be able to connect to remote HTTP sites if ALL
requests to connect to HTTP get redirected back to the firewall?
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com
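
Added example, not part of the original message or of Shorewall: one common way to avoid the loop described in the hint is to exempt the proxy's own outbound connections from the REDIRECT by matching on the account it runs as. The owner match, the account name "squid" and the helper function names are assumptions that do not appear in the thread; port 8080 is the one used above.

```shell
#!/bin/sh
# Emit an iptables-restore fragment for the nat table's OUTPUT chain.
# $1 = account the proxy runs as (assumed "squid"; not named in the thread)
# $2 = port the proxy listens on (8080, as in the thread)
nat_output_rules() {
    proxy_user=${1:-squid}
    proxy_port=${2:-8080}
    case $proxy_port in
        ''|*[!0-9]*) echo "invalid port: $proxy_port" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
# Proxy's own outbound HTTP: leave untouched so it can reach origin servers.
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner $proxy_user -j ACCEPT
# Every other locally generated HTTP connection goes to the proxy.
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
COMMIT
EOF
}

# Read a ruleset on stdin; succeed only if the owner exemption comes before
# the REDIRECT. Rules are evaluated in order and the first match wins, so
# without the exemption in front the proxy's requests are redirected to itself.
exemption_precedes_redirect() {
    awk '/--uid-owner/ && !x {x=NR}
         /-j REDIRECT/ && !r {r=NR}
         END {exit !(x && r && x < r)}'
}

# Print the fragment and report whether the ordering check passes.
if nat_output_rules squid 8080 | exemption_precedes_redirect; then
    nat_output_rules squid 8080
    echo "# ordering check: ok"
fi
```

The printed fragment can be reviewed and then loaded with `iptables-restore --noflush` on a test machine.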