diff --git a/docs/Shorewall_Squid_Usage.xml b/docs/Shorewall_Squid_Usage.xml
index 44dd3ece9..b44fa8b03 100644
--- a/docs/Shorewall_Squid_Usage.xml
+++ b/docs/Shorewall_Squid_Usage.xml
@@ -277,6 +277,10 @@ loc eth1 detect routeback,routefilter=0, You have a single system in your DMZ with IP address 192.0.2.177. You want to run both a web server and Squid on that system. + + +
+ Simple Configuration In /etc/shorewall/rules:
@@ -284,6 +288,52 @@ loc eth1 detect routeback,routefilter=0, # PORT(S) DEST DNAT loc dmz:192.0.2.177:3128 tcp 80 - !192.0.2.177
+ +
+ More Complex configuration + + Assume that the dmz is connected through eth2 and that your + local lan interfaces through eth1 + + + + Add this entry to your /etc/shorewall/providers file. + + #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS +Squid 1 202 - eth2 192.0.2.177 loose,notrack + + + + In /etc/shorewall/tcrules add: + + #MARK SOURCE DEST PROTO DEST +# PORT(S) +202:P eth1 0.0.0.0/0 tcp 80 + + + + In /etc/shorewall/interfaces + : + + #ZONE INTERFACE BROADCAST OPTIONS +loc eth2 detect routefilter=0,logmartians=0 + + + + On 172.0.2.177, arrange for the following command to be + executed after networking has come up + + iptables -t nat -A PREROUTING -i eth0 ! -d 192.0.2.177 -p tcp --dport 80 -j REDIRECT --to-ports 3128 + + If you are running RedHat on the server, you can simply + execute the following commands after you have typed the iptables + command above: + + iptables-save > /etc/sysconfig/iptables + chkconfig --level 35 iptables on + + +