Update TPROXY article to explain exclusion.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-04-26 08:42:23 -07:00
parent 52f5ae15d1
commit b57fd9f2a9

@ -412,6 +412,18 @@ TPROXY(3129) eth1 0.0.0.0/0 tcp 80</programlisting>
for request packets after the connection is established and to direct
response packets back to Squid3.</para>
<note>
<para>If you run a web server on the Shorewall system that also listens
on port 80, then you need to exclude it from TPROXY. Suppose that your
web server listens on 192.0.2.144; then:</para>
<programlisting><emphasis role="bold">FORMAT 2</emphasis>
#MARK SOURCE DEST PROTO DEST SOURCE
# PORT(S) PORT(S)
DIVERT eth0 0.0.0.0/0 tcp - 80
TPROXY(3129) eth1:!192.0.2.144 0.0.0.0/0 tcp 80</programlisting>
</note>
<para>/etc/shorewall/rules:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
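Review bot: The exclusion in the new TPROXY rule sits in the SOURCE column (`eth1:!192.0.2.144`), but the note says 192.0.2.144 is the address the local web server listens on, so the packets to exempt carry it as their destination, not their source. As written, the rule only skips packets arriving on eth1 from 192.0.2.144, and client requests to the web server on port 80 would still be handed to the proxy on 3129. Consider moving the exclusion to the DEST column, for example `TPROXY(3129) eth1 !192.0.2.144 tcp 80`, or add a sentence explaining why a source match is intended. It would also help to say in the `<para>` which file this listing belongs to, since the next paragraph switches to /etc/shorewall/rules.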