[Shorewall-users] transparent proxy running in the local network

MIkE psyke at ull.at
Wed Dec 3 14:56:13 PST 2003


got it running, really easy !!!


I am running shorewall 1.2.12 on a debian stable !
and have a squid as transparent proxy on another machine (debian
testing)


tried to get this to work the whole day:
I found this iptables:
------
iptables -t nat -A PREROUTING -i eth0 -s ! $squid_box -p tcp \
  --dport 80 -j DNAT --to $squid_box:3128

iptables -t nat -A POSTROUTING -o eth0 -s $local_network -d $squid_box \
  -j SNAT --to $iptables_box

iptables -A FORWARD -s $local_network -d $squid_box -i eth0 -o eth0 -p \
  tcp --dport 3128 -j ACCEPT
------
that's not the best, but it's easy !


so I tried to do that under shorewall:
192.168.66.100:3128 is my squid proxy
192.168.66.1 is my 'iptables-server'
192.168.66.255 is my local network

rules:
ACCEPT local:!192.168.66.100 local:192.168.66.100:3128 tcp www - all

masq:
eth0      192.168.66.0/24!192.168.66.100

and there is a "local2local" user-chain made, but not(!) used by
shorewall, so I did:
iptables -I FORWARD 1 -i eth0 -o eth0 -j local2local

and that's it !!!!



so now I am really interested to know, what you guys think about it??
because I don't like the explanation from the shorewall-HP with
iproute2, and I thought this way also should stand there ....


mike
-- 
a woman can fake an orgasm,
but it takes a man
to fake an entire relationship

:-)
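
Added example, not part of the original post: a small Python model of how the DNAT and SNAT rules quoted above rewrite one HTTP request, showing why the SNAT (masq) entry is needed when Squid sits on the same subnet as its clients and why the Squid box itself is excluded from the redirect. The client address 192.168.66.23 and the web server 203.0.113.10 are constructed sample values; the other addresses come from the post.

```python
import ipaddress

FIREWALL = "192.168.66.1"    # 'iptables-server' in the post
SQUID = "192.168.66.100"     # Squid box in the post
SQUID_PORT = 3128
LAN = ipaddress.ip_network("192.168.66.0/24")  # network from the masq entry
CLIENT = "192.168.66.23"     # constructed sample client
WEB = "203.0.113.10"         # constructed sample web server


def through_firewall(src, dst, dport, snat=True):
    """Rewrite one packet the way the PREROUTING and POSTROUTING rules do."""
    # PREROUTING: -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:3128
    if src != SQUID and dport == 80:
        dst, dport = SQUID, SQUID_PORT
    # POSTROUTING: -s $local_network -d $squid_box -j SNAT --to $iptables_box
    if snat and dst == SQUID and ipaddress.ip_address(src) in LAN:
        src = FIREWALL
    return src, dst, dport


def client_request(snat=True):
    """Return (reply accepted by client?, client address Squid logs)."""
    seen_src, _, _ = through_firewall(CLIENT, WEB, 80, snat)
    if seen_src == FIREWALL:
        # Squid answers the firewall, whose connection tracking undoes both
        # translations: the client sees the reply arrive from WEB:80.
        reply_from = (WEB, 80)
    else:
        # Squid and client share a subnet, so the reply goes straight to the
        # client and nothing restores the original source address.
        reply_from = (SQUID, SQUID_PORT)
    # The client only accepts segments from the peer it connected to.
    return reply_from == (WEB, 80), seen_src


if __name__ == "__main__":
    for snat in (True, False):
        print("SNAT" if snat else "no SNAT", client_request(snat))
```

With the SNAT rule in place Squid logs 192.168.66.1 as the source of every request, so per-client ACLs and log attribution on the Squid side no longer see the real client addresses.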

