Hello, I am having trouble finding rules to redirect traffic to a squid transparent proxy running using shorewall. Here are the details:
Shorewall 4.0.6 on Ubuntu 8.04 single interface
squid 2.6 running in transparent mode on port 3128 on FW

I have a Cisco Cat 6500 MSFC which redirects all port 80 traffic from a subnet (10.3.5.0/24) to the squid box using WCCP2. Here is a tcpdump of the traffic:

17:06:01.519659 IP 10.3.5.23.4011 > 74.125.155.104.80: S 3903948433:3903948433(0) win 65535 <mss 1460,nop,nop,sackOK>
17:06:01.519905 IP 74.125.155.104.80 > 10.3.5.23.4011: R 0:0(0) ack 3903948434 win 0
17:06:04.536350 IP 10.3.5.23.4011 > 74.125.155.104.80: S 3903948433:3903948433(0) win 65535 <mss 1460,nop,nop,sackOK>
17:06:04.536408 IP 74.125.155.104.80 > 10.3.5.23.4011: R 0:0(0) ack 1 win 0

I have tried using the rules shown in the Shorewall docs for squid trans proxy, but it does not work - squid does not see the traffic. Squid does work fine when used as manual proxy from same test client. I have tried:

ACCEPT $FW net tcp www
REDIRECT net 3128 tcp 80 -

The squid/shorewall box has a single NIC only; it is NOT the gateway. The gateway to the net is on the same subnet as the squid/shorewall box. The client box is 10.3.5.23, and the squid/shorewall box is 72.2.0.4.

Attached is a shorewall dump.

Thanks.

Shawn Wright
I.T. Manager, Shawnigan Lake School
http://www.shawnigan.ca
status.txt.gz
Description: GNU Zip compressed data
