> >> Just to ensure we are not chasing around in circles, the "danguardian's >> box" is the firewall that is running shorewall, and that the lan clients >> are using the "dan's box" as their default gateway? >> >> Maybe I need a dump here... >> > > In addition to the dump, the output of 'netstat -tnap' on the firewall would > also be enlightening. > > One thing -- https CANNOT be transparently proxied. You must manually > configure a proxy for HTTPS. > > This is described at http://www.shorewall.net/Shorewall_Squid_Usage.htm > > -Tom > Tom, Thanks for the bit about https
Jerry, Yes, the gateway is firewall, squid caching server, and dansguardian box The beginning of the thread explained that dansguardian was the late addition to a configuration that worked fine as a transparent proxy (via squid). The issue was adding dansguardian and configuring shorewall so that clients on the lan would continue with transparent proxy as: lan-based_http_request --> dansguardian --> squid --> Internet *** I was able to think this through and realize how I needed to change my shorewall rules to reflect the new circumstances. I had previously left the rule in place for transparent proxying through squid: REDIRECT loc 3128 tcp 80 This needed to be changed as follows, in order to redirect dansguardian --> squid: REDIRECT loc 3128 tcp 8080 Then, I needed to redirect requests on port 80 --> dansguardian: REDIRECT loc 8080 tcp 80 Everything seems hunky-dory now. --Mike ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
