[Shorewall-users] Portforwarding within a zone

Tom Eastep teastep@shorewall.net
Sun, 6 Jan 2002 12:39:44 -0800


On Sunday 06 January 2002 12:13 pm, Chris Freeze wrote:

>
> I have a transparent proxy sitting in my dmz zone.  I want the local and
> dmz zones to use this proxy transparently.

May I ask why you have http clients in your DMZ? Seems like an odd
arrangement.

> My problem has been in trying to get each zone to use it.

Are you saying that your local zone won't use it either?

>
> > a) specify 'multi' on the entry for the DMZ's interface in
> > /etc/shorewall/interfaces; and
> > b) you need to masquerade the DMZ to itself; and
> > c) You need to amend your rule above:
> > ACCEPT  dmz:!192.168.2.42  dmz:192.168.2.42:3128  tcp   http    -  all
>
> I've made your modifications as suggested and I'm still not getting
> anything to go through.  Nothing in the logs being rejected so I think it's
> still looping somewhere.  This box also serves as a webserver.  I've got
> the rules for being a webserver above the ones for it being a proxy.

And your web server rule looks how?

> I've
> also put settings in Netscape's advanced settings to use the box as a proxy
> (avoiding the transparent issue) and things work fine without the above
> rule.  With it, I still have the same problem.

-Tom
-- 
Tom Eastep    \  teastep@shorewall.net
AIM: tmeastep  \  http://www.shorewall.net
ICQ: #60745924  \  Firewalls for Linux 2.4