Randy Welch <[EMAIL PROTECTED]> writes: > > Why would you need to hand edit it ? > Because initially squid was logging the ip address of the proxy.
oh, yes I simply added the patches and fixed the actual DansGuardian configuration but I will update the cinfiguration templates aswell .. > >What did you change by hand ? > > > forwardedfor and xforwardedfor, both to on. ok, I will add these ... and eventually some more stuff, if I will find some time ... I'm working on static routes and pptp testing (dhcp over ipsec, pptp radius authentication, ppp dynamic ip allocation through dhcp, etc) > >I'll check that ... I never use that ... I simply open the 8443 port on > >the interface I want ... and that's it my admin interface :o) > > > If it has no real meaning, ie the really important item is just the port, > the perhaps the admin interface nomenclature should be removed. yes, I might do that or update the admin stuff ... but it's rather obsolete IMHO > >oh ? it starts fine here .. chkconfig --list httpd2-naat ? > > > > > Yea I had to add it whth check config. it worked for me on freshly installed system ... > REDIRECT lan:192.168.200.64/29 fw:8080 tcp www - > all > > (shorewall fails on this) this is hopefuly fixed already. You can now choose "-" in zone and add the 8080 (edit the REDIRECT rule updated by the squid proxy and you'll have a better picture how to create such a rule; it's quite easy) as a port value. > > > >>The problem is that I can't do the 8080 in the GUI without adding fw: to > >>it. When I do it like that shorewall fails to restart. -randy now you can do it ... > sarg isn't running right.... It's getting a segmentation violation... really ? I'll check again ... > Any word on the time restriction on ports ? yes, the time restriction is almost there ... and this because I have added the netfilter time patch on the kernel already (the one kernel+iptables on my website has it already) so I'll update the web interface today or tomorrow ... > Another thing that would be > really nice is the ability to serve internal dns information for the local > network. I'm sort of against this because it's a firewall after all .... but I'll note it on my TODO list ... if I have time I'll add it cheers, -- Florin Grad http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
