----- "Tom Eastep" <[email protected]> wrote:
> 17:06:01.519659 IP 10.3.5.23.4011 > 74.125.155.104.80: S
> 3903948433:3903948433(0) win 65535 <mss 1460,nop,nop,sackOK>
> 17:06:01.519905 IP 74.125.155.104.80 > 10.3.5.23.4011: R 0:0(0) ack
> 3903948434 win 0
> 17:06:04.536350 IP 10.3.5.23.4011 > 74.125.155.104.80: S
> 3903948433:3903948433(0) win 65535 <mss 1460,nop,nop,sackOK>
> 17:06:04.536408 IP 74.125.155.104.80 > 10.3.5.23.4011: R 0:0(0) ack 1 win 0
Sigh -- tcpdump output and no clue about which system the output was
captured on. Client? Shorewall box? ??? Note that the connection
requests are being rejected, wherever this was captured...
The dump is from the squid/shorewall box. If I'm reading this correctly, the
rejection is from the remote host back to the client, which indicates the proxy
redirect is not taking place. The remote host should have no knowledge of the
client IP; it should see only the proxy IP (72.2.0.4)
So what shorewall config do I need to redirect ALL packets with a DST port=80
and a SRC=10.0.0.0/8 received on an interface?
------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users
worldwide. Take advantage of special opportunities to increase revenue and
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
