got it running, really easy !!!

I am running shorewall 1.2.12 on a debian stable !
and have a squid as transparent proxy on another machine (debian

tried to get this to work the whole day:
I found this iptables:
iptables -t nat -A PREROUTING -i eth0 -s ! $squid_box -p tcp \
    --dport 80 -j DNAT --to $squid_box:3128

iptables -t nat -A POSTROUTING -o eth0 -s $local_network -d $squid_box \
    -j SNAT --to $iptables_box

iptables -A FORWARD -s $local_network -d $squid_box -i eth0 -o eth0 -p tcp \
    --dport 3128 -j ACCEPT
that's not the best, but it's easy !

so I tried to do that under shorewall: is my squid proxy is my 'iptables-server' is my local network

ACCEPT local:! local: tcp www - all


and there is a "local2local" user-chain made, but not(!) used by
shorewall, so I did:
iptables -I FORWARD 1 -i eth0 -o eth0 -j local2local

and that's it !!!!

so now I am really interested to know, what you guys think about it??
because I don't like the explanation from the shorewall-HP with
iproute2, and I thought this way also should stand there ....

