mirror of https://gitlab.com/shorewall/code.git, synced 2024-12-22 06:10:42 +01:00
Bring Squid Documentation up to date
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3151 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent aaa1390afa
commit dbdd54d616
@ -38,10 +38,12 @@
|
|||||||
url="http://www.squid-cache.org">Squid</ulink> running as a Transparent
|
url="http://www.squid-cache.org">Squid</ulink> running as a Transparent
|
||||||
Proxy or as a Manual Proxy.</para>
|
Proxy or as a Manual Proxy.</para>
|
||||||
|
|
||||||
<warning>
|
<caution>
|
||||||
<para>This documentation assumes that you are running Shorewall 2.0.0 or
|
<para><emphasis role="bold">This article applies to Shorewall 3.0 and
|
||||||
later.</para>
|
later. If you are running a version of Shorewall earlier than Shorewall
|
||||||
</warning>
|
3.0.0 then please see the documentation for that
|
||||||
|
release.</emphasis></para>
|
||||||
|
</caution>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>Squid as a Transparent Proxy</title>
|
<title>Squid as a Transparent Proxy</title>
|
||||||
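Review bot: the new caution names the same version threshold two different ways in one paragraph ("Shorewall 3.0" in the first sentence, "Shorewall 3.0.0" in the second); settle on one form. Wrapping the whole paragraph in `<emphasis role="bold">` inside a `<caution>` also doubles the prominence the admonition element already gives it, so the plain `<para>` is enough.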
@ -173,46 +175,6 @@ REDIRECT loc 3128 tcp www - !206.124.146.
|
|||||||
a web server running on 192.168.1.3. It is assumed that web access is
|
a web server running on 192.168.1.3. It is assumed that web access is
|
||||||
already enabled from the local zone to the internet.</para>
|
already enabled from the local zone to the internet.</para>
|
||||||
|
|
||||||
<para>If you are running a Shorewall version earlier than 2.3.2
|
|
||||||
then:</para>
|
|
||||||
|
|
||||||
<orderedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>On your firewall system, issue the following command</para>
|
|
||||||
|
|
||||||
<programlisting><command>echo 202 www.out >> /etc/iproute2/rt_tables</command> </programlisting>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Create <filename>/etc/shorewall/addroutes</filename> as
|
|
||||||
follows:</para>
|
|
||||||
|
|
||||||
<programlisting><command>#!/bin/sh
|
|
||||||
|
|
||||||
if [ -z "`ip rule list | grep www.out`" ] ; then
|
|
||||||
ip rule add fwmark 0xCA table www.out # Note 0xCA = 202
|
|
||||||
ip route add default via 192.168.1.3 dev eth1 table www.out
|
|
||||||
ip route flush cache
|
|
||||||
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
|
|
||||||
fi</command> </programlisting>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Make <filename>/etc/shorewall/addroutes </filename>executable
|
|
||||||
via:</para>
|
|
||||||
|
|
||||||
<programlisting><command>chmod +x /etc/shorewall/addroutes</command> </programlisting>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>In /etc/shorewall/init, put:</para>
|
|
||||||
|
|
||||||
<programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command> </programlisting>
|
|
||||||
</listitem>
|
|
||||||
</orderedlist>
|
|
||||||
|
|
||||||
<para>If you are running Shorewall 2.3.2 or later:</para>
|
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Add this entry to your /etc/shorewall/providers file.</para>
|
<para>Add this entry to your /etc/shorewall/providers file.</para>
|
||||||
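Review bot: the deleted addroutes script did more than create the www.out table: its last line, `echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects`, turned off ICMP redirects on the interface that now carries the routeback traffic. The providers entry that replaces it (`Squid 1 202 - eth1 192.168.1.3 loose`) covers the fwmark rule and the default route via 192.168.1.3, but nothing in the rewritten text says whether redirects on eth1 are still disabled. If Shorewall 3.0 takes care of that itself, one sentence saying so would spare readers who remember the old script; if it does not, that step should survive the rewrite rather than disappear with the version-conditional text.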
@ -220,12 +182,7 @@ fi</command> </programlisting>
|
|||||||
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
|
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
|
||||||
Squid 1 202 - eth1 192.168.1.3 loose</programlisting>
|
Squid 1 202 - eth1 192.168.1.3 loose</programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
</orderedlist>
|
|
||||||
|
|
||||||
<para>Regardless of your Shorewall version, you need the
|
|
||||||
following:</para>
|
|
||||||
|
|
||||||
<orderedlist>
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>In <filename>/etc/shorewall/start</filename> add:</para>
|
<para>In <filename>/etc/shorewall/start</filename> add:</para>
|
||||||
|
|
||||||
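Review bot: merging the two ordered lists follows naturally from dropping the version split, but the removed sentence "Regardless of your Shorewall version, you need the following:" was also the only prose telling the reader that the steps after the providers entry are required in every setup. After this hunk the providers item runs straight into the `/etc/shorewall/start` item with no lead-in, so consider keeping a short introductory paragraph before the merged list.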
@ -240,25 +197,6 @@ Squid 1 202 - eth1 192.168.1.3 loose</p
|
|||||||
loc eth1 detect <emphasis role="bold">routeback</emphasis> </programlisting>
|
loc eth1 detect <emphasis role="bold">routeback</emphasis> </programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>In /etc/shorewall/rules:</para>
|
|
||||||
|
|
||||||
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
|
|
||||||
ACCEPT loc loc tcp www</programlisting>
|
|
||||||
|
|
||||||
<orderedlist numeration="loweralpha">
|
|
||||||
<listitem>
|
|
||||||
<para>Alternatively, you can have the following policy in place
|
|
||||||
of the above rule.</para>
|
|
||||||
|
|
||||||
<para><filename>/etc/shorewall/policy</filename></para>
|
|
||||||
|
|
||||||
<programlisting>#SOURCE DESTINATION POLICY
|
|
||||||
loc loc ACCEPT</programlisting>
|
|
||||||
</listitem>
|
|
||||||
</orderedlist>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>On 192.168.1.3, arrange for the following command to be
|
<para>On 192.168.1.3, arrange for the following command to be
|
||||||
executed after networking has come up</para>
|
executed after networking has come up</para>
|
||||||
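Review bot: this hunk removes both the `ACCEPT loc loc tcp www` rule and its `loc loc ACCEPT` policy alternative, while the surrounding context keeps `routeback` on eth1 and the step carried out on 192.168.1.3. Traffic between the clients on eth1 and the Squid host at 192.168.1.3 still passes through the firewall as loc-to-loc, so the reader needs to know how it is now permitted. If Shorewall 3.0 no longer requires an explicit rule for this, the text should say so; otherwise one of the two removed snippets should stay.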
@ -312,4 +250,4 @@ ACCEPT loc $FW tcp 8080
|
|||||||
ACCEPT $FW net tcp 80,443</programlisting></para>
|
ACCEPT $FW net tcp 80,443</programlisting></para>
|
||||||
</example>
|
</example>
|
||||||
</section>
|
</section>
|
||||||
</article>
|
</article>
|
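Review bot: none of the four lines in this hunk differs between the two sides (`ACCEPT $FW net tcp 80,443</programlisting></para>`, `</example>`, `</section>`, `</article>`), so the change here is presumably whitespace or a trailing-newline difference at end of file. If it is not intentional, dropping it keeps the diff limited to the documentation changes.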