List: ipfilter
Subject: rdr - ! from/to syntax help please! (transparent http proxy)
From: Amadeus <poff () sixbit ! org>
Date: 2004-05-31 4:07:52
Message-ID: 20040531040752.GA16641 () freeshell ! org
Hello all,
I am trying to get a transparent squid proxy working on the LAN here:
INTERNET -> FIREWALL -> LAN
The proxy is not on the firewall machine, but part of the LAN.
From what I understand, I need to:
- redirect all port 80 traffic from the firewall to the proxy, then let
that back out to the firewall
I already have the cache running ok, but I have to manually configure each
client machine with the cache address.
Now I was thinking of the following rule on the firewall, as I want to
redirect everything *EXCEPT* when it's from the proxy itself.
ne2 is the external (internet) interface.
ipnat.conf:
map ne2 10.10.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ne2 10.10.1.0/24 -> 0/32
##
rdr ne2 from 10.10.1.0/24 ! from 10.10.1.2 port 80 -> 10.10.1.2 port 3128 tcp
##
Now the syntax is bad (mixed up with ! and from), but the idea is there:
- redirect from the LAN (10.10.1.0/24) but NOT from the cache (10.10.1.2)
on port 80 to the cache (10.10.1.2) listening on port 3128
Does anyone know how to fix the syntax? I googled a long time but couldn't
find any solutions.
As it is with NAT all the clients will connect through the firewall to port
80 directly.
I have an ipfilter rule to only allow port 80 traffic from the cache
(10.10.1.2)
Any help?
Thanks!!
Amadeus
--
poff@sixbit.org
SDF Public Access UNIX System - http://sdf.lonestar.org
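
Added example, not part of the original message: a small Python model of the redirect the post describes (LAN sources on port 80 go to the cache at 10.10.1.2 port 3128, except the cache itself), showing that without the exemption the cache's own fetches are redirected back to it. It models the intent only, not ipnat syntax or ipnat's matching; the Redirect class, the fetch_path function and the origin address 192.0.2.80 are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Redirect:
    """Model of the intended rule; not ipnat syntax or ipnat's matcher."""
    src_net: ipaddress.IPv4Network
    exempt: frozenset      # source addresses that must bypass the redirect
    dport: int
    to_addr: ipaddress.IPv4Address
    to_port: int

    def apply(self, src, dst, dport):
        """Return the (dst, dport) the packet ends up with."""
        src = ipaddress.ip_address(src)
        if src in self.src_net and src not in self.exempt and dport == self.dport:
            return str(self.to_addr), self.to_port
        return dst, dport


def fetch_path(rule, client, origin, max_hops=4):
    """Follow one HTTP request until it reaches the origin server.

    The cache is modelled as re-issuing every request it receives, from
    its own address, to origin port 80. Returns (reached_origin, hops).
    """
    proxy = str(rule.to_addr)
    hops, src = [], client
    for _ in range(max_hops):
        dst, dport = rule.apply(src, origin, 80)
        hops.append((src, dst, dport))
        if (dst, dport) == (origin, 80):
            return True, hops
        src = proxy        # the cache now fetches on the client's behalf
    return False, hops     # every fetch landed back on the cache


LAN = ipaddress.ip_network("10.10.1.0/24")
PROXY = ipaddress.ip_address("10.10.1.2")
ORIGIN = "192.0.2.80"      # constructed documentation address

WITH_EXEMPTION = Redirect(LAN, frozenset({PROXY}), 80, PROXY, 3128)
WITHOUT_EXEMPTION = Redirect(LAN, frozenset(), 80, PROXY, 3128)

if __name__ == "__main__":
    for name, rule in (("exempt", WITH_EXEMPTION), ("no exempt", WITHOUT_EXEMPTION)):
        print(name, fetch_path(rule, "10.10.1.50", ORIGIN))
```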