Divan Santana wrote: > Awesome! This is really great! I thought it was something shorewall can do > but can understand perfectly why its not! Thanks very much! > > Given this info below though, how would you allow some source IPs(users) to > connect as the below would simply deny all. > > Wait I just figured out the above if anyone is interested! :) > > I will do the following rule in /etc/shorewall/rules > REDIRECT loc 3129 tcp 443 - > !192.168.0.2 > > The above shorewall rule will not redirect any traffic going to destination > of 192.168.0.2. > But want I would like to rather do is not redirect to 443 traffic coming from > say 192.168.0.2 > > Is that possible? > This way I can allow certain IPs to connect to Skype etc.
You cannot transparently proxy HTTPS. Your LAN users' web browsers must be configured to use an HTTPS proxy (which you can do with proxy autoconfiguration). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
