 
 From:  "Ryan Wagoner" <Ryan at wgnrs dot dynu dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Settings For Squid Transparent Proxy
 Date:  Mon, 6 Feb 2006 12:35:53 -0500
I've done some reading on FreeBSD and squid and it looks like I need to use rdr rules to route the
traffic. It seems to me that m0n0wall takes the nat section of the config.xml file and generates the
rdr rules from it.
 
It looks like the rdr rule needs to look like something below. This would take all the traffic
coming to m0n0wall on port 80 on the lan interface (xl0) and direct it to my squid machine.

        # Redirect everything else to squid on port 3127
        rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3127 tcp
 
However it is going to form a continuous loop redirecting squid traffic back to squid. So it looks
like I need another rule added above the rule above. This way squid traffic could go out but all
other traffic would go to squid.
 
        # Redirect direct proxy traffic to internet.
        rdr xl0 10.10.1.6/32 port 80 -> ????? port 80 tcp

The problem lies where the ??? marks are as I don't know what to put for the destination ip.
 
From here how do I get this in the format below. I'm having problems figuring out how I specify
10.10.16/32.
 
 <nat>
 <rule>
  <protocol>tcp</protocol>
  <external-port>25</external-port>
  <target>192.168.1.5</target>
  <local-port>25</local-port>
  <interface>lan</interface>
  <descr>redirect SMTP to LAN SMTP server</descr>
 </rule>
 </nat>

Any help on this would be greatly appreciated.
 
________________________________

From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
Sent: Thu 2/2/2006 2:45 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Settings For Squid Transparent Proxy



From: "Ryan Wagoner" <Ryan at wgnrs dot dynu dot com>

> I have m0n0wall setup between my DSL modem and home network.
> Its IP is 10.10.1.1. I have a Fedora squid server running at 10.10.1.6.
> What I want to do is setup a rule so that any outbound traffic on port 80
> not coming from squid 10.10.1.6 gets redirected to squid. That way I
> can have a transparent proxy for port 80. How do I go about doing this?
> I know I need the rule on the LAN side, but can the rules page redirect
> traffic?? I thought this was only possible from NAT. I just don't want to
> put in some random rules and upset the network.

Chris posted this a while back...

                            Lee

I recall something in the archives about somebody doing something
similar using a hacked NAT rule.

Like manually put something like this in your config.xml backup and
restore it.

 <nat>
 <rule>
  <protocol>tcp</protocol>
  <external-port>25</external-port>
  <target>192.168.1.5</target>
  <local-port>25</local-port>
  <interface>lan</interface>
  <descr>redirect SMTP to LAN SMTP server</descr>
 </rule>
 </nat>

where 192.168.1.5 is your SMTP server.

That might really screw stuff up though, so test it thoroughly first
to make sure it has no unintended consequences (if it works at all).

If someone tries it, please let me know if it works.

-Chris
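As an added illustration of the ordering problem raised in this thread (not code from the m0n0wall project or from either poster): a small first-match simulator over rdr lines in the form quoted above, which reports whether the proxy's own port-80 traffic would be redirected back to itself. It assumes, as the thread does, that the address field selects the client address; the exemption rule's target is left as a labelled placeholder because the thread does not resolve it, so check the ipnat manual for the real field semantics before relying on this model.

```python
import ipaddress
import re

# Constructed rule sets in the rdr form quoted in the thread.
# The exemption rule's target is an open question there, so it is a placeholder here.
RULES_LOOPING = [
    "rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3127 tcp",
]
RULES_ORDERED = [
    "rdr xl0 10.10.1.6/32 port 80 -> PLACEHOLDER-ORIGINAL-DEST port 80 tcp",
    "rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3127 tcp",
]

RDR_RE = re.compile(
    r"rdr\s+(?P<iface>\S+)\s+(?P<addr>\S+)\s+port\s+(?P<dport>\d+)\s+->\s+"
    r"(?P<target>\S+)\s+port\s+(?P<tport>\d+)\s+(?P<proto>\w+)"
)


def parse_rdr(line):
    """Parse one rdr line into a dict; the address field becomes an ip_network."""
    m = RDR_RE.fullmatch(line.strip())
    if not m:
        raise ValueError("unparsable rdr line: " + line)
    r = m.groupdict()
    r["addr"] = ipaddress.ip_network(r["addr"])
    r["dport"], r["tport"] = int(r["dport"]), int(r["tport"])
    return r


def first_match(rules, client_ip, dst_port, proto="tcp"):
    """Return the first rule that matches, in list order (first match wins)."""
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if r["proto"] == proto and r["dport"] == dst_port and ip in r["addr"]:
            return r
    return None


def proxy_loops(rules, proxy_ip, proxy_port):
    """True if the proxy's own outbound port-80 traffic is sent back to the proxy."""
    r = first_match(rules, proxy_ip, 80)
    return r is not None and r["target"] == proxy_ip and r["tport"] == proxy_port


if __name__ == "__main__":
    for name, lines in (("looping", RULES_LOOPING), ("ordered", RULES_ORDERED)):
        rules = [parse_rdr(l) for l in lines]
        print(name, "loops back to squid:", proxy_loops(rules, "10.10.1.6", 3127))
```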
