Tom Eastep wrote: > Asim Ahmed Khan wrote: >> requests originating from loc zone and coming to FW zone (loc can't talk >> to net zone directly according to policy file) then FW zone should send >> them to 72.166.1.90 on port 8080 > > And you are doing that by configuring Squid as a proxy?
The reason that I ask is that if you aren't doing it with Squid then you
must have a loc->net rule that allows the traffic:
ACCEPT loc net tcp 8080
You may, of course, limit the SOURCE and DEST by IP address(es).
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
