Bring Squid Documentation up to date

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3151 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-12-12 17:21:52 +00:00
parent aaa1390afa
commit dbdd54d616


@ -38,10 +38,12 @@
url="http://www.squid-cache.org">Squid</ulink> running as a Transparent url="http://www.squid-cache.org">Squid</ulink> running as a Transparent
Proxy or as a Manual Proxy.</para> Proxy or as a Manual Proxy.</para>
<warning> <caution>
<para>This documentation assumes that you are running Shorewall 2.0.0 or <para><emphasis role="bold">This article applies to Shorewall 3.0 and
later.</para> later. If you are running a version of Shorewall earlier than Shorewall
</warning> 3.0.0 then please see the documentation for that
release.</emphasis></para>
</caution>
<section> <section>
<title>Squid as a Transparent Proxy</title> <title>Squid as a Transparent Proxy</title>
@ -173,46 +175,6 @@ REDIRECT loc 3128 tcp www - !206.124.146.
a web server running on 192.168.1.3. It is assumed that web access is a web server running on 192.168.1.3. It is assumed that web access is
already enabled from the local zone to the internet.</para> already enabled from the local zone to the internet.</para>
<para>If you are running a Shorewall version earlier than 2.3.2
then:</para>
<orderedlist>
<listitem>
<para>On your firewall system, issue the following command</para>
<programlisting><command>echo 202 www.out &gt;&gt; /etc/iproute2/rt_tables</command> </programlisting>
</listitem>
<listitem>
<para>Create <filename>/etc/shorewall/addroutes</filename> as
follows:</para>
<programlisting><command>#!/bin/sh
if [ -z "`ip rule list | grep www.out`" ] ; then
ip rule add fwmark 0xCA table www.out # Note 0xCA = 202
ip route add default via 192.168.1.3 dev eth1 table www.out
ip route flush cache
echo 0 &gt; /proc/sys/net/ipv4/conf/eth1/send_redirects
fi</command> </programlisting>
</listitem>
<listitem>
<para>Make <filename>/etc/shorewall/addroutes </filename>executable
via:</para>
<programlisting><command>chmod +x /etc/shorewall/addroutes</command> </programlisting>
</listitem>
<listitem>
<para>In /etc/shorewall/init, put:</para>
<programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command> </programlisting>
</listitem>
</orderedlist>
<para>If you are running Shorewall 2.3.2 or later:</para>
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>Add this entry to your /etc/shorewall/providers file.</para> <para>Add this entry to your /etc/shorewall/providers file.</para>
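Review bot: The removed addroutes script also set /proc/sys/net/ipv4/conf/eth1/send_redirects to 0, and nothing visible in the remaining steps replaces that; please confirm it is handled elsewhere in the article or add it back as a step. With "If you are running Shorewall 2.3.2 or later:" gone, the ordered list now follows the paragraph about web access directly with no lead-in, so a short introductory sentence before the list would help. The removed comment "Note 0xCA = 202" was the only explanation of where the 202 in the MARK column comes from; consider carrying it over to the providers step.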
@ -220,12 +182,7 @@ fi</command> </programlisting>
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS <programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
Squid 1 202 - eth1 192.168.1.3 loose</programlisting> Squid 1 202 - eth1 192.168.1.3 loose</programlisting>
</listitem> </listitem>
</orderedlist>
<para>Regardless of your Shorewall version, you need the
following:</para>
<orderedlist>
<listitem> <listitem>
<para>In <filename>/etc/shorewall/start</filename> add:</para> <para>In <filename>/etc/shorewall/start</filename> add:</para>
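Review bot: Removing the list close, the "Regardless of your Shorewall version" paragraph and the list reopen between the providers step and the /etc/shorewall/start step merges two lists into one, so the later steps are renumbered; check the rest of the article for references to steps by number. The providers entry in the context lines uses the loose option with no explanation, and a sentence on why this setup needs it would help readers adapting the example.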
@ -240,25 +197,6 @@ Squid 1 202 - eth1 192.168.1.3 loose</p
loc eth1 detect <emphasis role="bold">routeback</emphasis> </programlisting> loc eth1 detect <emphasis role="bold">routeback</emphasis> </programlisting>
</listitem> </listitem>
<listitem>
<para>In /etc/shorewall/rules:</para>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT loc loc tcp www</programlisting>
<orderedlist numeration="loweralpha">
<listitem>
<para>Alternatively, you can have the following policy in place
of the above rule.</para>
<para><filename>/etc/shorewall/policy</filename></para>
<programlisting>#SOURCE DESTINATION POLICY
loc loc ACCEPT</programlisting>
</listitem>
</orderedlist>
</listitem>
<listitem> <listitem>
<para>On 192.168.1.3, arrange for the following command to be <para>On 192.168.1.3, arrange for the following command to be
executed after networking has come up</para> executed after networking has come up</para>