Update Local Squid example to use tcrules rather than /etc/shorewall/start

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8830 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-10-31 16:32:22 +00:00
parent 8a3b419c11
commit a3c94ab131
2 changed files with 15 additions and 7 deletions

@ -185,7 +185,10 @@
<graphic fileref="images/MultiZone1A.png" /> <graphic fileref="images/MultiZone1A.png" />
<para>The advantage of this approach is that the zone <para><note>
<para>The Router in the above diagram is assumed to NOT be doing
SNAT for the hosts in the 192.168.2.0/24 network.</para>
</note>The advantage of this approach is that the zone
<quote>loc1</quote> can use CONTINUE policies such that if a <quote>loc1</quote> can use CONTINUE policies such that if a
connection request doesn't match a <quote>loc1</quote> rule, it will connection request doesn't match a <quote>loc1</quote> rule, it will
be matched against the <quote>loc</quote> rules. For example, if your be matched against the <quote>loc</quote> rules. For example, if your
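Review bot: The new <note> is opened inside the <para>, ahead of "The advantage of this approach is that the zone", so the paragraph now starts with a nested block element. Placing the note as its own element between the <graphic> and the <para> would leave the paragraph text untouched and read more cleanly. The note also states that the router is assumed NOT to be doing SNAT for 192.168.2.0/24 without saying what changes if it is; one sentence on the consequence would make the assumption actionable. Finally, this hunk is in the multi-zone document, which the commit message (about the Squid example) does not mention, so a line in the message or a separate commit would make it easier to trace.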
@ -233,7 +236,10 @@ loc1 loc NONE</programlisting>
<graphic fileref="images/MultiZone1B.png" /> <graphic fileref="images/MultiZone1B.png" />
<para><filename>/etc/shorewall/zones</filename></para> <para><note>
<para>The Router in the above diagram is assumed to NOT be doing
SNAT for the hosts in the 192.168.2.0/24 network.</para>
</note><filename>/etc/shorewall/zones</filename></para>
<programlisting>#ZONE TYPE OPTIONS <programlisting>#ZONE TYPE OPTIONS
loc1 ipv4 loc1 ipv4
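Review bot: The SNAT note is repeated here word for word and is wrapped inside the <para> whose only other content is <filename>/etc/shorewall/zones</filename>, which serves as the caption for the listing that follows. Move the note out of that para, directly after the MultiZone1B graphic, so the filename caption stays on its own, and consider stating the assumption once for both diagrams instead of duplicating it.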

@ -18,7 +18,7 @@
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate> <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright> <copyright>
<year>2003-2007</year> <year>2003-2008</year>
<holder>Thomas M. Eastep</holder> <holder>Thomas M. Eastep</holder>
</copyright> </copyright>
@ -39,9 +39,9 @@
Proxy or as a Manual Proxy.</para> Proxy or as a Manual Proxy.</para>
<caution> <caution>
<para><emphasis role="bold">This article applies to Shorewall 3.0 and <para><emphasis role="bold">This article applies to Shorewall 4.0 and
later. If you are running a version of Shorewall earlier than Shorewall later. If you are running a version of Shorewall earlier than Shorewall
3.0.0 then please see the documentation for that 4.0.0 then please see the documentation for that
release.</emphasis></para> release.</emphasis></para>
</caution> </caution>
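Review bot: The caution's minimum version moves from 3.0 to 4.0 (and from 3.0.0 to 4.0.0), but neither the commit message nor the surrounding text says which part of the article requires 4.0. If it is the tcrules entry introduced in this commit, name it in the caution or in the message so that readers on 3.x know what will not work for them.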
@ -199,9 +199,11 @@ Squid 1 202 - eth1 192.168.1.3 loose</p
</listitem> </listitem>
<listitem> <listitem>
<para>In <filename>/etc/shorewall/start</filename> add:</para> <para>In <filename>/etc/shorewall/tcrules</filename> add:</para>
<programlisting><command>iptables -t mangle -A PREROUTING -i eth1 -s ! 192.168.1.3 -p tcp --dport 80 -j MARK --set-mark 202</command> </programlisting> <programlisting>#MARK SOURCE DEST PROTO DEST
# PORT(S)
202:P eth1:!192.168.1.3 0.0.0.0/0 tcp 80</programlisting>
</listitem> </listitem>
<listitem> <listitem>
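Review bot: In the new tcrules listing, the entry "202:P eth1:!192.168.1.3 0.0.0.0/0 tcp 80" comes with no explanation, whereas the removed iptables command made the mangle table and the PREROUTING chain explicit. Add a sentence saying what the :P suffix on the mark means, and tell readers who followed the earlier version of the article to delete the iptables line from /etc/shorewall/start so that the mark is not set in two places. The wrapped column header (DEST on one line, PORT(S) on the next) should also be checked in the rendered output so that it lines up over the port value 80.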