 
 From:  "Ryan Wagoner" <Ryan at wgnrs dot dynu dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Settings For Squid Transparent Proxy
 Date:  Mon, 6 Feb 2006 16:05:53 -0500
Alright, so I can't figure out how to add the rdr rule manually. You normally have to add it to the ipnat
file and then reload the ipnat config, which flushes everything out.

The following will give me this rdr rule, but now squid is being looped back to itself. 

rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp

 <rule>
  <protocol>tcp</protocol>
  <external-port>3128</external-port>
  <target>10.10.1.6</target>
  <local-port>80</local-port>
  <interface>lan</interface>
  <descr>HTTP to Squid</descr>  
 </rule> 

m0n0wall looks to take whatever interface you specify and throw the adapter name and 0.0.0.0/0 in
for the rdr rule. So there looks to be no way to make the 2nd rdr rule.

rdr xl0 10.10.1.6/32 port 80 -> 127.0.0.1 port 80 tcp

-----Original Message-----
From: Ryan Wagoner [mailto:Ryan at wgnrs dot dynu dot com]
Sent: Mon 2/6/2006 12:50 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy
 
Okay so I figured out the rdr rules. I found an example on a website and it seems to make sense.
They should be the following.
 
rdr xl0 10.10.1.6/32 port 80 -> 127.0.0.1 port 80 tcp
rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp
 
So this would do what I want and allow squid traffic out through the localhost and the rest gets
directed through squid. Now I doubt there's any way to retrofit this into a nat rule for the
config.xml file. When I get home I should be able to use exec.php and run the commands. If so, is
there a way I can execute these commands at each reboot? Or am I looking at having to make a custom
image for the router?
 
Thanks,
Ryan Wagoner

________________________________

From: Jason Brunk [mailto:jbrunk at wthosting dot com]
Sent: Mon 2/6/2006 12:40 PM
To: Ryan Wagoner; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy



If I remember correctly you can add a rule like

no rdr

And that will say do not redirect for this, however, I have not had much
luck with getting this to work on one of my bsd boxes.

Jason

-----Original Message-----
From: Ryan Wagoner [mailto:Ryan at wgnrs dot dynu dot com]
Sent: Monday, February 06, 2006 12:36 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy

I've done some reading on FreeBSD and squid and it looks like I need to use
rdr rules to route the traffic. It seems to me that m0n0wall takes the nat
section of the config.xml file and generates the rdr rules from it.

It looks like the rdr rule needs to look something like the one below. This would
take all the traffic coming to m0n0wall on port 80 on the LAN interface (xl0) and
direct it to my squid machine.

        # Redirect everything else to squid on port 3127
        rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3127 tcp

However, it is going to form a continuous loop redirecting squid traffic back
to squid. So it looks like I need another rule added above the rule above.
This way squid traffic could go out but all other traffic would go to squid.

        # Redirect direct proxy traffic to internet.
        rdr xl0 10.10.1.6/32 port 80 -> ????? port 80 tcp

The problem lies where the ??? marks are as I don't know what to put for the
destination ip.

From here how do I get this in the format below. I'm having problems
figuring out how I specify 10.10.16/32.

 <nat>
  <rule>
   <protocol>tcp</protocol>
   <external-port>25</external-port>
   <target>192.168.1.5</target>
   <local-port>25</local-port>
   <interface>lan</interface>
   <descr>redirect SMTP to LAN SMTP server</descr>
  </rule>
 </nat>

Any help on this would be greatly appreciated.

________________________________

From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
Sent: Thu 2/2/2006 2:45 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Settings For Squid Transparent Proxy



From: "Ryan Wagoner" <Ryan at wgnrs dot dynu dot com>

> I have m0n0wall setup between my DSL modem and home network.
> Its IP is 10.10.1.1. I have a Fedora squid server running at 10.10.1.6.
> What I want to do is setup a rule so that any outbound traffic on port
> 80 not coming from squid 10.10.1.6 gets redirected to squid. That way
> I can have a transparent proxy for port 80. How do I go about doing this?
> I know I need the rule on the LAN side, but can the rules page
> redirect traffic? I thought this was only possible from NAT. I just
> don't want to put in some random rules and upset the network.

Chris posted this a while back...

                            Lee

I recall something in the archives about somebody doing something similar
using a hacked NAT rule.

Like manually put something like this in your config.xml backup and restore
it.

 <nat>
  <rule>
   <protocol>tcp</protocol>
   <external-port>25</external-port>
   <target>192.168.1.5</target>
   <local-port>25</local-port>
   <interface>lan</interface>
   <descr>redirect SMTP to LAN SMTP server</descr>
  </rule>
 </nat>

where 192.168.1.5 is your SMTP server.

That might really screw stuff up though, so test it thoroughly first to make
sure it has no unintended consequences (if it works at all).

If someone tries it, please let me know if it works.

-Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
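As an added illustration (not code from the thread, nor from m0n0wall or IPFilter): a small Python lint that parses rdr lines in the shape used above and flags a catch-all redirect that has no more specific rule for its target placed above it, which is the self-redirect loop the thread describes. It assumes the first matching rdr rule wins, as the ordering proposed in the thread relies on; the sample rule sets are constructed from the lines posted in the thread, and the lint checks ordering only, not whether the bypass rule's own target is sensible.

```python
import ipaddress
import re

# One rdr line in the form used throughout the thread:
#   rdr <iface> <addr>/<mask> port <p> -> <target> port <q> <proto>
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<match>\S+)\s+port\s+(?P<port>\d+)\s+->\s+"
    r"(?P<target>\S+)\s+port\s+(?P<tport>\d+)\s+(?P<proto>\w+)$")

# Constructed samples, taken from the lines posted in the thread.
THREAD_RULES = """
# bypass for the proxy host first, then the catch-all
rdr xl0 10.10.1.6/32 port 80 -> 127.0.0.1 port 80 tcp
rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp
"""
GENERATED_ONLY = "rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp\n"


def parse_rdr(text):
    """Parse rdr lines in file order; blank lines and '#' comments are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RDR_RE.match(line)
        if not m:
            raise ValueError("unrecognised rdr line: " + line)
        rules.append(m.groupdict())
    return rules


def unbypassed_catchalls(rules):
    """Return indices of catch-all redirects with no earlier rule covering their target.

    Assumes first-match ordering. A 0.0.0.0/0 rdr that sends a port to a host on the
    same interface also catches that host's own outbound requests, so a rule naming
    the host (e.g. its /32) for the same iface/port/proto must sit above it; placed
    below the catch-all it is never reached. The subnet of the interface is not
    checked here, so a target on another network is still reported.
    """
    flagged = []
    for i, rule in enumerate(rules):
        if ipaddress.ip_network(rule["match"], strict=False).prefixlen != 0:
            continue  # only catch-all redirects can loop back on their target
        target = ipaddress.ip_address(rule["target"])
        covered = any(
            e["iface"] == rule["iface"] and e["proto"] == rule["proto"]
            and e["port"] == rule["port"]
            and ipaddress.ip_network(e["match"], strict=False).prefixlen > 0
            and target in ipaddress.ip_network(e["match"], strict=False)
            for e in rules[:i])
        if not covered:
            flagged.append(i)
    return flagged
```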