mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-27 10:03:41 +01:00
More ROUTE updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2124 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
f7960e11b9
commit
fafecbe73c
@ -171,7 +171,10 @@ REDIRECT loc 3128 tcp www - !206.124.146.
|
|||||||
transparent proxy running in your local zone at 192.168.1.3 and
|
transparent proxy running in your local zone at 192.168.1.3 and
|
||||||
listening on port 3128. Your local interface is eth1. There may also be
|
listening on port 3128. Your local interface is eth1. There may also be
|
||||||
a web server running on 192.168.1.3. It is assumed that web access is
|
a web server running on 192.168.1.3. It is assumed that web access is
|
||||||
already enabled from the local zone to the internet..</para>
|
already enabled from the local zone to the internet.</para>
|
||||||
|
|
||||||
|
<para>If you are running a Shorewall version earlier than 2.3.3 OR your
|
||||||
|
kernel and/or iptables do not have ROUTE target support then:</para>
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
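Review bot: The added paragraph "If you are running a Shorewall version earlier than 2.3.3 OR your kernel and/or iptables do not have ROUTE target support then:" gives the reader no way to find out whether their kernel and iptables have ROUTE target support, yet that condition decides which of the two procedures applies. Add a sentence or cross-reference saying how to check, and lower-case "OR" to match the surrounding prose. The ".." to "." correction on the preceding line is fine.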
@ -207,6 +210,27 @@ fi</command></programlisting>
|
|||||||
<programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command></programlisting>
|
<programlisting><command>run_and_save_command "/etc/shorewall/addroutes"</command></programlisting>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>In <filename>/etc/shorewall/start</filename> add:</para>
|
||||||
|
|
||||||
|
<programlisting><command>iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202</command></programlisting>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
|
|
||||||
|
<para>If you are running Shorewall 2.3.3 or later and your kernel and
|
||||||
|
iptables have ROUTE target support then add this entry to
|
||||||
|
/etc/shorewall/routes:</para>
|
||||||
|
|
||||||
|
<blockquote>
|
||||||
|
<programlisting>#SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY
|
||||||
|
# PORT(S)
|
||||||
|
eth1 0.0.0.0/0 tcp 80 - eth1 192.168.1.3</programlisting>
|
||||||
|
</blockquote>
|
||||||
|
|
||||||
|
<para>Regardless of your Shorewall version or your kernel and iptables
|
||||||
|
ROUTE target support, you need the following:</para>
|
||||||
|
|
||||||
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>In
|
<para>In
|
||||||
<filename><filename>/etc/shorewall/interfaces</filename></filename>:</para>
|
<filename><filename>/etc/shorewall/interfaces</filename></filename>:</para>
|
||||||
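Review bot: The routes entry "eth1 0.0.0.0/0 tcp 80 - eth1 192.168.1.3" has no visible counterpart to the "-s ! 192.168.1.3" exclusion in the MARK rule that it stands in for on newer versions. The proxy sits on eth1, so its own outbound port 80 requests also arrive on eth1. Either state how this entry avoids sending them back to 192.168.1.3 or show how the exclusion is written in the routes file. Separately, /etc/shorewall/routes is left as bare text while /etc/shorewall/start in the same hunk is wrapped in a filename element; wrap it for consistency, here and in the later DMZ example.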
@ -234,12 +258,6 @@ loc loc ACCEPT</programlisting>
|
|||||||
</orderedlist>
|
</orderedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>In <filename>/etc/shorewall/start</filename> add:</para>
|
|
||||||
|
|
||||||
<programlisting><command>iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202</command></programlisting>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>On 192.168.1.3, arrange for the following command to be
|
<para>On 192.168.1.3, arrange for the following command to be
|
||||||
executed after networking has come up</para>
|
executed after networking has come up</para>
|
||||||
@ -263,6 +281,9 @@ chkconfig --level 35 iptables on</command></programlisting>
|
|||||||
192.0.2.177. You want to run both a web server and Squid on that system.
|
192.0.2.177. You want to run both a web server and Squid on that system.
|
||||||
Your DMZ interface is eth1 and your local interface is eth2.</para>
|
Your DMZ interface is eth1 and your local interface is eth2.</para>
|
||||||
|
|
||||||
|
<para>If you are running a Shorewall version earlier than 2.3.3 OR your
|
||||||
|
kernel and/or iptables do not have ROUTE target support then:</para>
|
||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>On your firewall system, issue the following command</para>
|
<para>On your firewall system, issue the following command</para>
|
||||||
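Review bot: The paragraph added here is a verbatim copy of the one added in the first hunk, including the 2.3.3 threshold and the upper-case "OR". Two copies of the same condition will drift when the version cut-off or the wording changes, so consider stating the condition once near the top of the document and referring to it from both examples, or at least apply any wording fix to both places in the same commit.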
@ -327,7 +348,22 @@ fi</command></programlisting>
|
|||||||
</listitem>
|
</listitem>
|
||||||
</orderedlist>
|
</orderedlist>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
|
|
||||||
|
<para>If you are running Shorewall 2.3.3 or later and your kernel and
|
||||||
|
iptables have ROUTE target support then add this entry to
|
||||||
|
/etc/shorewall/routes:</para>
|
||||||
|
|
||||||
|
<blockquote>
|
||||||
|
<programlisting>#SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY
|
||||||
|
# PORT(S)
|
||||||
|
eth2 0.0.0.0/0 tcp 80 - eth1 192.0.2.177</programlisting>
|
||||||
|
</blockquote>
|
||||||
|
|
||||||
|
<para>Regardless of your Shorewall version or your kernel and iptables
|
||||||
|
ROUTE target support, you need the following:</para>
|
||||||
|
|
||||||
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>In <filename>/etc/shorewall/rules</filename>, you will
|
<para>In <filename>/etc/shorewall/rules</filename>, you will
|
||||||
need:</para>
|
need:</para>
|
||||||
|
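Review bot: In the added entry "eth2 0.0.0.0/0 tcp 80 - eth1 192.0.2.177" the SOURCE and INTERFACE columns differ (eth2 and eth1), whereas the local-zone example earlier in the patch uses eth1 for both, and the added text never says what either column selects. Add a sentence explaining the columns, using this example: per the preceding paragraph eth2 is the local interface and eth1 is the DMZ interface where 192.0.2.177 lives. Also confirm that closing the list with the added "</orderedlist>" and opening a new one after the "Regardless of your Shorewall version" paragraph restarts the step numbering as intended, since the steps that follow used to continue the earlier list.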