mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-08 08:44:05 +01:00
More ROUTE updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2124 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
f7960e11b9
commit
fafecbe73c
@ -171,7 +171,10 @@ REDIRECT loc 3128 tcp www - !206.124.146.
|
||||
transparent proxy running in your local zone at 192.168.1.3 and
|
||||
listening on port 3128. Your local interface is eth1. There may also be
|
||||
a web server running on 192.168.1.3. It is assumed that web access is
|
||||
already enabled from the local zone to the internet..</para>
|
||||
already enabled from the local zone to the internet.</para>
|
||||
|
||||
<para>If you are running a Shorewall version earlier than 2.3.3 OR your
|
||||
kernel and/or iptables do not have ROUTE target support then:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
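Review bot: The added paragraph "If you are running a Shorewall version earlier than 2.3.3 OR your kernel and/or iptables do not have ROUTE target support then:" gives the reader no way to tell whether their kernel and iptables have ROUTE target support, so they cannot choose between the two procedures. Suggest adding a sentence or a link that says how to check, and marking the capitalised "OR" with an emphasis element instead of relying on case.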
@ -207,6 +210,27 @@ fi</command></programlisting>
|
||||
<programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command></programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>In <filename>/etc/shorewall/start</filename> add:</para>
|
||||
|
||||
<programlisting><command>iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202</command></programlisting>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>If you are running Shorewall 2.3.3 or later and your kernel and
|
||||
iptables have ROUTE target support then add this entry to
|
||||
/etc/shorewall/routes:</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting>#SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY
|
||||
# PORT(S)
|
||||
eth1 0.0.0.0/0 tcp 80 - eth1 192.168.1.3</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>Regardless of your Shorewall version or your kernel and iptables
|
||||
ROUTE target support, you need the following:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>In
|
||||
<filename><filename>/etc/shorewall/interfaces</filename></filename>:</para>
|
||||
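Review bot: The new routes entry "eth1 0.0.0.0/0 tcp 80 - eth1 192.168.1.3" matches all port 80 traffic arriving on eth1, while the MARK rule that this same hunk places in the older-version list excludes the proxy with "-s ! 192.168.1.3". The example does not show how the proxy's own outbound port 80 requests avoid being routed back to 192.168.1.3. Either add the exclusion to the entry, if the routes file has a way to express one, or say in the text why it is not needed. The path /etc/shorewall/routes in the new paragraph should also be wrapped in a filename element, as /etc/shorewall/start is two paragraphs earlier.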
@ -234,12 +258,6 @@ loc loc ACCEPT</programlisting>
|
||||
</orderedlist>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>In <filename>/etc/shorewall/start</filename> add:</para>
|
||||
|
||||
<programlisting><command>iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202</command></programlisting>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>On 192.168.1.3, arrange for the following command to be
|
||||
executed after networking has come up</para>
|
||||
@ -263,6 +281,9 @@ chkconfig --level 35 iptables on</command></programlisting>
|
||||
192.0.2.177. You want to run both a web server and Squid on that system.
|
||||
Your DMZ interface is eth1 and your local interface is eth2.</para>
|
||||
|
||||
<para>If you are running a Shorewall version earlier than 2.3.3 OR your
|
||||
kernel and/or iptables do not have ROUTE target support then:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>On your firewall system, issue the following command</para>
|
||||
@ -327,7 +348,22 @@ fi</command></programlisting>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>If you are running Shorewall 2.3.3 or later and your kernel and
|
||||
iptables have ROUTE target support then add this entry to
|
||||
/etc/shorewall/routes:</para>
|
||||
|
||||
<blockquote>
|
||||
<programlisting>#SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY
|
||||
# PORT(S)
|
||||
eth2 0.0.0.0/0 tcp 80 - eth1 192.0.2.177</programlisting>
|
||||
</blockquote>
|
||||
|
||||
<para>Regardless of your Shorewall version or your kernel and iptables
|
||||
ROUTE target support, you need the following:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>In <filename>/etc/shorewall/rules</filename>, you will
|
||||
need:</para>
|
||||
|
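Review bot: In the paragraph added before the blockquote, /etc/shorewall/routes is plain text, while /etc/shorewall/rules in the list item added a few lines later is wrapped in a filename element; mark up both the same way. The paragraph pair "If you are running Shorewall 2.3.3 or later ..." and "Regardless of your Shorewall version ..." is also repeated verbatim from the local-zone section, so any later wording fix has to be made in both places; consider a cross-reference or a shared note.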