[Shorewall-users] transparent proxy running in the local network
psyke at ull.at
Wed Dec 3 14:56:13 PST 2003
got it running, really easy !!!
I am running shorewall 1.2.12 on a debian stable !
and have a squid as transparent proxy on another machine (debian
tried to get this to work the whole day:
I found this iptables:
iptables -t nat -A PREROUTING -i eth0 -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:3128
iptables -t nat -A POSTROUTING -o eth0 -s $local_network -d $squid_box -j SNAT --to $iptables_box
iptables -A FORWARD -s $local_network -d $squid_box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT
that's not the best, but it's easy !
so I tried to do that under shorewall:
192.168.66.100:3128 is my squid proxy
192.168.66.1 is my 'iptables-server'
192.168.66.255 is my local network
ACCEPT local:!192.168.66.100 local:192.168.66.100:3128 tcp www - all
and there is a "local2local" user-chain made, but not(!) used by
shorewall, so I did:
iptables -I FORWARD 1 -i eth0 -o eth0 -j local2local
and that's it !!!!
so now I am really interested to know, what you guys think about it??
because I don't like the explanation from the shorewall-HP with
iproute2, and I thought this way also should stand there ....
a woman can fake an orgasm,
but it takes a man
to fake an entire relationship
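
Added example, not part of the original post: a small address-only model of the DNAT and SNAT rules above, showing why the SNAT rule is needed when squid sits on the same subnet as the clients, and that squid then sees every client as the firewall address. It does not touch netfilter; the client address 192.168.66.50 and the web server address 203.0.113.10 are constructed sample values, the other two addresses are the ones given in the post.

```python
# Added illustration: models packet addresses only, not real netfilter.
from collections import namedtuple

Packet = namedtuple("Packet", "src dst dport")

FIREWALL = "192.168.66.1"     # 'iptables-server' from the post
SQUID = "192.168.66.100"      # squid box from the post
CLIENT = "192.168.66.50"      # constructed sample LAN client
WEBSERVER = "203.0.113.10"    # constructed sample Internet host

def prerouting_dnat(pkt):
    """PREROUTING rule: port-80 traffic not from squid is sent to squid:3128."""
    if pkt.src != SQUID and pkt.dport == 80:
        return pkt._replace(dst=SQUID, dport=3128)
    return pkt

def postrouting_snat(pkt):
    """POSTROUTING rule: traffic forwarded to squid gets the firewall as source."""
    if pkt.dst == SQUID:
        return pkt._replace(src=FIREWALL)
    return pkt

def trace(use_snat):
    """Follow one HTTP connection; report what squid and the client each see."""
    original = Packet(CLIENT, WEBSERVER, 80)
    to_squid = prerouting_dnat(original)
    if use_snat:
        to_squid = postrouting_snat(to_squid)
    # Squid answers whatever source address it saw on the connection.
    if to_squid.src == FIREWALL:
        # The reply passes the firewall again; connection tracking reverses
        # both NATs, so the client sees the address it originally connected to.
        client_sees_reply_from = original.dst
    else:
        # Same subnet: squid replies straight to the client, bypassing the
        # firewall, so the reply still carries squid's own address.
        client_sees_reply_from = SQUID
    return {
        "squid_logs_client_as": to_squid.src,
        "client_sees_reply_from": client_sees_reply_from,
        "connection_works": client_sees_reply_from == original.dst,
    }

if __name__ == "__main__":
    for flag in (False, True):
        print("SNAT" if flag else "no SNAT", trace(flag))
```

With the SNAT rule in place the connection works, but squid's access log attributes every request to 192.168.66.1, so per-client ACLs and log attribution on the proxy are lost.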