
List:       ipfilter
Subject:    rdr - ! from/to syntax help please! (transparent http proxy)
From:       Amadeus <poff@sixbit.org>
Date:       2004-05-31 4:07:52
Message-ID: 20040531040752.GA16641@freeshell.org

Hello all,

I am trying to get a transparent squid proxy working on the LAN here:

INTERNET -> FIREWALL -> LAN

The proxy is not on the firewall machine, but part of the LAN.

From what I understand, I need to:

- redirect all port 80 traffic from the firewall to the proxy, then let 
that back out to the firewall

I already have the cache running ok, but I have to manually configure each 
client machine with the cache address.

Now I was thinking of the following rule on the firewall, as I want to 
redirect everything *EXCEPT* when it's from the proxy itself.

ne2 is the external (internet) interface.

ipnat.conf:
map ne2 10.10.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ne2 10.10.1.0/24 -> 0/32

##
rdr ne2 from 10.10.1.0/24 ! from 10.10.1.2 port 80 -> 10.10.1.2 port 3128 tcp
##

Now the syntax is bad (mixed up with ! and from), but the idea is there:

- redirect from the LAN (10.10.1.0/24) but NOT from the cache (10.10.1.2) 
on port 80 to the cache (10.10.1.2) listening on port 3128

Does anyone know how to fix the syntax? I googled a long time but couldn't 
find any solutions.

As it is, with NAT, all the clients will connect through the firewall to port 
80 directly.

I have an ipfilter rule to only allow port 80 traffic from the cache 
(10.10.1.2).

Any help?

Thanks!!

Amadeus

-- 
poff@sixbit.org
SDF Public Access UNIX System - http://sdf.lonestar.org
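
Added example, not part of the message above: an ipnat.conf/ipf.conf pair for the layout Amadeus describes. It assumes the LAN-side interface is called ne1 (the post only names ne2). Two things matter for the rule. First, rdr rules act on packets *arriving* on the named interface, so the redirect belongs on the LAN-side interface where the clients' packets come in, not on ne2. Second, the source exclusion is written with the from/to form of the rdr rule; the placement of `!` below is how I recall ipnat(5) documenting source negation for ipfilter 4.x, and it should be confirmed with a dry-run parse (`ipnat -n -v -f /etc/ipnat.conf`) before loading it.

```conf
# /etc/ipnat.conf
# ne2 = external (Internet) interface, ne1 = LAN interface (assumed name)
# Outbound masquerading for the LAN, unchanged from the original post
map ne2 10.10.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ne2 10.10.1.0/24 -> 0/32

# Transparent redirect: any TCP/80 packet arriving on the LAN interface
# that is NOT from the cache itself is sent to squid on 10.10.1.2:3128.
# "from ! addr" is the ipnat(5) source negation as I recall it (assumption).
rdr ne1 from ! 10.10.1.2/32 to any port = 80 -> 10.10.1.2 port 3128 tcp

# /etc/ipf.conf (relevant lines only)
# rdr runs before filtering on inbound packets, so the clients' packets
# already carry dst 10.10.1.2:3128 when they reach these rules.
pass in  quick on ne1 proto tcp from 10.10.1.0/24 to 10.10.1.2 port = 3128 flags S keep state
# The redirected packet leaves again via ne1; the LAN side is not filtered outbound here.
pass out quick on ne1 all
# Only the cache may open port 80 connections to the Internet.
# Outbound filtering runs before map, so these rules see the real LAN source addresses.
pass  out quick on ne2 proto tcp from 10.10.1.2 to any port = 80 flags S keep state
block out quick on ne2 proto tcp from any to any port = 80
```

One caveat the syntax fix does not remove: with the proxy on the same subnet as the clients, the proxy's replies go straight back to the client without passing through the firewall, so the NAT entry that would rewrite the source back to the original web server's address and port 80 is never consulted. The client's TCP stack sees a reply from 10.10.1.2:3128 for a connection it opened to the web server on port 80 and discards it. Transparent redirection to an off-firewall proxy works when the proxy sits behind its own firewall interface (a separate segment), so that both directions cross the firewall; otherwise running the cache on the firewall itself, or keeping the clients configured explicitly, is the practical alternative. Squid 2.5 also needs the httpd_accel options (httpd_accel_host virtual, httpd_accel_port 80, httpd_accel_with_proxy on, httpd_accel_uses_host_header on) to accept redirected connections on 3128.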