Jeff Armstrong wrote: > Does shorewall support a transparent proxy on a firewalled bridge? I've used > the Squid (transparent) Running on the Firewall instructions. My squid > works manually and I see Shorewall:work_dnat:REDIRECT: IN=br0 OUT= > SRC=192.168.1.86 DST=192.168.1.140 LEN=48 TOS=00 PREC=0x00 TTL=128 ID=28881 > DF PROTO=TCP SPT=2438 DPT=80 in my firewall logs but I don't see any access > in my squid logs. So it looks like it's just not sending it to the right > spot. > > ------------------------------------------------------------------------------ > Sure It does, it seems that your squid config is not right .... Here is my shorewall log to compare against yours.
Dec 30 13:20:08 mails kernel: Shorewall:loc_dnat:REDIRECT:IN=br0 OUT= PHYSIN=vlan3 MAC=00:18:71:ec:93:5e:00:18:de:0d:78:39:08:00 SRC=10.176.113.100 DST=64.233.183.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45753 DF PROTO=TCP SPT=60093 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 Harry. and don't forget REDIRECT:$LOG loc $PRXPORT tcp www - !10.51.252.254,10.176.113.254 ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
