[Shorewall-users] Portforwarding within a zone
Sun, 6 Jan 2002 12:39:44 -0800
On Sunday 06 January 2002 12:13 pm, Chris Freeze wrote:
> I have a transparent proxy sitting in my dmz zone. I want the local an=
> dmz zones to use this proxy transparently.
May I ask why you have http clients in your DMZ? Seems like an odd
> My problem has been in trying to get each zone to use it.
Are you saying that your local zone won't use it either?
> > a) specify 'multi' on the entry for the DMZ's interface in
> > /etc/shorewall/interfaces; and
> > b) you need to masquerade the DMZ to itself; and
> > c) You need to amend your rule above:
> > ACCEPT dmz:!192.168.2.42 dmz:192.168.2.42:3128 tcp http - al=
> I've made your modifications as suggested and I'm still not getting
> anything to go through. Nothing in the logs being rejected so I think =
> still looping somewhere. This box also serves as a webserver. I've go=
> the rules for being a webserver above the ones for it being a proxy.
And your web server rule looks how?
> also put settings in Netscape's advanced settings to use the box as a p=
> (avoiding the transparent issue) and things work fine without the above
> rule. With it, I still have the same problem.
Tom Eastep \ email@example.com
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ Firewalls for Linux 2.4