On 4/25/13 11:31 PM, "Troy Telford" <[email protected]> wrote:
>I really appreciate the clear directions on how to use TPROXY with Squid3.
>
>I've previously used a REDIRECT/intercept proxy, and switching to using
>TPROXY took only a couple of minutes. (even with IPv6!)
>
>I do have a question, though:
>
>I run an Apache server on my router as well. It's only visible
>internally, and is useful as it lets me use some of the squid log
>tools, like SARG, to view proxy usage. Similarly, I use the apache
>server to serve an "access denied" page from squidGuard.
>
>This presents a problem, though: Computers inside the firewall can't
>see the $FW machine's apache server.
>
>Is there something that's part of the TPROXY setup that doesn't really
>allow for this?
>
>When I look at the rule:
>ACCEPT loc $FW tcp 80
>
>I think it's straightforward enough; however when I want to access the
>Apache server, I really do need to use port 80.
>
>So is there a way to get around this in shorewall, or would I be forced
>to use port 8080 (or similar) for the apache server?

You need to exclude connections to your gateway's local IP address from TPROXY:

TPROXY(3129) ethX:!<ethX ip addr> 0.0.0.0/0 tcp 80

-Tom
You do not need a parachute to skydive. You only need a parachute to skydive twice.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
