mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-22 06:10:42 +01:00
Bring Squid Documentation up to date
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3151 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
aaa1390afa
commit
dbdd54d616
@ -38,10 +38,12 @@
|
||||
url="http://www.squid-cache.org">Squid</ulink> running as a Transparent
|
||||
Proxy or as a Manual Proxy.</para>
|
||||
|
||||
<warning>
|
||||
<para>This documentation assumes that you are running Shorewall 2.0.0 or
|
||||
later.</para>
|
||||
</warning>
|
||||
<caution>
|
||||
<para><emphasis role="bold">This article applies to Shorewall 3.0 and
|
||||
later. If you are running a version of Shorewall earlier than Shorewall
|
||||
3.0.0 then please see the documentation for that
|
||||
release.</emphasis></para>
|
||||
</caution>
|
||||
|
||||
<section>
|
||||
<title>Squid as a Transparent Proxy</title>
|
||||
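Review bot: The caution's "please see the documentation for that release" leaves readers on a pre-3.0 Shorewall with nowhere to go; add a ulink to the older documentation at that point, in the same way the Squid reference just above it is linked. The paragraph is also wrapped whole in emphasis role="bold" inside a caution element, which already sets it apart, so the emphasis can be dropped.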
@ -173,46 +175,6 @@ REDIRECT loc 3128 tcp www - !206.124.146.
|
||||
a web server running on 192.168.1.3. It is assumed that web access is
|
||||
already enabled from the local zone to the internet.</para>
|
||||
|
||||
<para>If you are running a Shorewall version earlier than 2.3.2
|
||||
then:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>On your firewall system, issue the following command</para>
|
||||
|
||||
<programlisting><command>echo 202 www.out >> /etc/iproute2/rt_tables</command> </programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Create <filename>/etc/shorewall/addroutes</filename> as
|
||||
follows:</para>
|
||||
|
||||
<programlisting><command>#!/bin/sh
|
||||
|
||||
if [ -z "`ip rule list | grep www.out`" ] ; then
|
||||
ip rule add fwmark 0xCA table www.out # Note 0xCA = 202
|
||||
ip route add default via 192.168.1.3 dev eth1 table www.out
|
||||
ip route flush cache
|
||||
echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
|
||||
fi</command> </programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Make <filename>/etc/shorewall/addroutes </filename>executable
|
||||
via:</para>
|
||||
|
||||
<programlisting><command>chmod +x /etc/shorewall/addroutes</command> </programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>In /etc/shorewall/init, put:</para>
|
||||
|
||||
<programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command> </programlisting>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>If you are running Shorewall 2.3.2 or later:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Add this entry to your /etc/shorewall/providers file.</para>
|
||||
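Review bot: The addroutes script deleted here ended with "echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects", and the providers step that remains as its replacement shows only a mark, an interface and a gateway. Confirm that ICMP redirects on eth1 are still turned off by a step that survives this change, or keep that one command as its own list item. Readers who previously ran "echo 202 www.out >> /etc/iproute2/rt_tables" would also benefit from a sentence saying whether that line should now be taken out of rt_tables.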
@ -220,12 +182,7 @@ fi</command> </programlisting>
|
||||
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
|
||||
Squid 1 202 - eth1 192.168.1.3 loose</programlisting>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>Regardless of your Shorewall version, you need the
|
||||
following:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>In <filename>/etc/shorewall/start</filename> add:</para>
|
||||
|
||||
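Review bot: The providers entry "Squid 1 202 - eth1 192.168.1.3 loose" is now the only place in this part of the procedure where the mark value appears, since the "Note 0xCA = 202" comment went away with the old script. Add a sentence to this list item saying that 202 must match the mark applied to the packets being sent to 192.168.1.3, and what the loose option is for, because the step no longer has a version-specific lead-in to frame it.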
@ -240,25 +197,6 @@ Squid 1 202 - eth1 192.168.1.3 loose</p
|
||||
loc eth1 detect <emphasis role="bold">routeback</emphasis> </programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>In /etc/shorewall/rules:</para>
|
||||
|
||||
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
|
||||
ACCEPT loc loc tcp www</programlisting>
|
||||
|
||||
<orderedlist numeration="loweralpha">
|
||||
<listitem>
|
||||
<para>Alternatively, you can have the following policy in place
|
||||
of the above rule.</para>
|
||||
|
||||
<para><filename>/etc/shorewall/policy</filename></para>
|
||||
|
||||
<programlisting>#SOURCE DESTINATION POLICY
|
||||
loc loc ACCEPT</programlisting>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>On 192.168.1.3, arrange for the following command to be
|
||||
executed after networking has come up</para>
|
||||
|
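Review bot: The list item removed after the routeback interface entry was the only place that told the reader loc to loc web traffic has to be allowed ("ACCEPT loc loc tcp www", or the loc loc ACCEPT policy), and nothing in the remaining lines says why it is no longer needed. If the releases this article now targets accept that traffic without a rule, state that in a sentence next to the routeback entry, and mention that a site with an explicit loc to loc policy still needs the rule.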