holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Improve TPROXY documentation

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-05-11 11:39:15 -07:00
parent f77b350a7b
commit bad8b9bddb
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/Shorewall_Squid_Usage.xml
View File

@ -348,12 +348,12 @@ Tproxy 1 - - lo - tproxy</programli
</note> </note>
<para><filename>/etc/shorewall/tcrules</filename> (assume loc interface is <para><filename>/etc/shorewall/tcrules</filename> (assume loc interface is
eth1):</para> eth1 and net interface is eth0):</para>
<programlisting>MARK SOURCE DEST PROTO DEST SOURCE <programlisting><emphasis role="bold">FORMAT 2</emphasis>
PORT(S) PORT(S) #MARK SOURCE DEST PROTO DEST SOURCE
DIVERT - 0.0.0.0/0 tcp 80 # PORT(S) PORT(S)
DIVERT - 0.0.0.0/0 tcp - 80 DIVERT eth0 0.0.0.0/0 tcp - 80
TPROXY(3129) eth1 0.0.0.0/0 tcp 80</programlisting> TPROXY(3129) eth1 0.0.0.0/0 tcp 80</programlisting>
<para>The DIVERT rules are used to avoid unnecessary invocation of TPROXY <para>The DIVERT rules are used to avoid unnecessary invocation of TPROXY
@ -365,5 +365,11 @@ TPROXY(3129) eth1 0.0.0.0/0 tcp 80</programlisting>
<programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S) <programlisting>#ACTION SOURCE DEST PROTO DEST PORT(S)
ACCEPT loc $FW tcp 80 ACCEPT loc $FW tcp 80
ACCEPT $FW net tcp 80</programlisting> ACCEPT $FW net tcp 80</programlisting>
<para><filename>/etc/squid3/squid.conf</filename>:</para>
<programlisting>...
http_port 3129 tproxy
...</programlisting>
</section> </section>
</article> </article>