 
 From:  Ivan Blanco <ivanwhite at gmail dot com>
 To:  Ryan Wagoner <Ryan at wgnrs dot dynu dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Settings For Squid Transparent Proxy
 Date:  Mon, 6 Feb 2006 21:25:23 -0500
Well men, I keep reading it. I would like to know if it works for you, and
how you finally did it?

2006/2/6, Ryan Wagoner <Ryan at wgnrs dot dynu dot com>:
> Alright so I can't figure out how to add the rdr rule manually. You normally have to add it to the
> ipnat file and then reload the ipnat config, which flushes everything out.
>
> The following will give me this rdr rule, but now squid is being looped back to itself.
>
> rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp
>
>  <rule>
>   <protocol>tcp</protocol>
>   <external-port>3128</external-port>
>   <target>10.10.1.6</target>
>   <local-port>80</local-port>
>   <interface>lan</interface>
>   <descr>HTTP to Squid</descr>
>  </rule>
>
> m0n0wall looks to take whatever interface you specify and throw the adapter name and 0.0.0.0/0 in
> for the rdr rule. So there looks to be no way to make the 2nd rdr rule.
>
> rdr xl0 10.10.1.6/32 port 80 -> 127.0.0.1 port 80 tcp
>
> -----Original Message-----
> From: Ryan Wagoner [mailto:Ryan at wgnrs dot dynu dot com]
> Sent: Mon 2/6/2006 12:50 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy
>
> Okay so I figured out the rdr rules. I found an example on a website and it seems to make sense.
> They should be the following.
>
> rdr xl0 10.10.1.6/32 port 80 -> 127.0.0.1 port 80 tcp
> rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp
>
> So this would do what I want and allow squid traffic out through the localhost and the rest gets
> directed through squid. Now I doubt there's any way to retrofit this into a nat rule for the
> config.xml file. When I get home I should be able to use exec.php and run the commands. If so, is
> there a way I can execute these commands at each reboot? Or am I looking at having to make a custom
> image for the router?
>
> Thanks,
> Ryan Wagoner
>
> ________________________________
>
> From: Jason Brunk [mailto:jbrunk at wthosting dot com]
> Sent: Mon 2/6/2006 12:40 PM
> To: Ryan Wagoner; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy
>
>
>
> If I remember correctly you can add a rule like
>
> no rdr
>
> And that will say do not redirect for this, however, I have not had much
> luck with getting this to work on one of my bsd boxes.
>
> Jason
>
> -----Original Message-----
> From: Ryan Wagoner [mailto:Ryan at wgnrs dot dynu dot com]
> Sent: Monday, February 06, 2006 12:36 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy
>
> I've done some reading on FreeBSD and squid and it looks like I need to use
> rdr rules to route the traffic. It seems to me that m0n0wall takes the nat
> section of the config.xml file and generates the rdr rules from it.
>
> It looks like the rdr rule needs to look like something below. This would
> take all the traffic coming to m0n0wall on port 80 lan interface (xl0) and
> direct it to my squid machine.
>
>         # Redirect everything else to squid on port 3127
>         rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3127 tcp
>
> However it is going to form a continuous loop redirecting squid traffic back
> to squid. So it looks like I need another rule added above the rule above.
> This way squid traffic could go out but all other traffic would go to squid.
>
>         # Redirect direct proxy traffic to internet.
>         rdr xl0 10.10.1.6/32 port 80 -> ????? port 80 tcp
>
> The problem lies where the ??? marks are as I don't know what to put for the
> destination ip.
>
> From here how do I get this in the format below. I'm having problems
> figuring out how I specify 10.10.16/32.
>
>  <nat>
>  <rule>
>   <protocol>tcp</protocol>
>   <external-port>25</external-port>
>   <target>192.168.1.5</target>
>   <local-port>25</local-port>
>   <interface>lan</interface>
>   <descr>redirect SMTP to LAN SMTP server</descr>
>  </rule>
>  </nat>
>
> Any help on this would be greatly appreciated.
>
> ________________________________
>
> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> Sent: Thu 2/2/2006 2:45 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Settings For Squid Transparent Proxy
>
>
>
> From: "Ryan Wagoner" <Ryan at wgnrs dot dynu dot com>
>
> > I have m0n0wall setup between my DSL modem and home network.
> > Its IP is 10.10.1.1. I have a Fedora squid server running at 10.10.1.6.
> > What I want to do is setup a rule so that any outbound traffic on port
> > 80 not coming from squid 10.10.1.6 gets redirected to squid. That way
> > I can have a transparent proxy for port 80. How do I go about doing this?
> > I know I need the rule on the LAN side, but can the rules page
> > redirect traffic?? I thought this was only possible from NAT. I just
> > don't want to put in some random rules and upset the network.
>
> Chris posted this a while back...
>
>                             Lee
>
> I recall something in the archives about somebody doing something similar
> using a hacked NAT rule.
>
> Like manually put something like this in your config.xml backup and restore
> it.
>
>  <nat>
>  <rule>
>   <protocol>tcp</protocol>
>   <external-port>25</external-port>
>   <target>192.168.1.5</target>
>   <local-port>25</local-port>
>   <interface>lan</interface>
>   <descr>redirect SMTP to LAN SMTP server</descr>
>  </rule>
>  </nat>
>
> where 192.168.1.5 is your SMTP server.
>
> That might really screw stuff up though, so test it thoroughly first to make
> sure it has no unintended consequences (if it works at all).
>
> If someone tries it, please let me know if it works.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
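The thread above never settles how to stop the catch-all rdr rule from sending the squid host's own port-80 traffic back to squid. The following is an added example, not code from the thread or from m0n0wall: it renders the quoted m0n0wall `<rule>` block into the rdr line Ryan reports m0n0wall produced, then simulates first-match rdr processing over the two-rule ordering the thread proposes and flags the loop. Assumptions (also marked in the code): the `lan` to `xl0` mapping and the rule shape are taken from the thread; rules are evaluated in order with the first match winning, which is the behaviour the "rule above the rule" argument relies on; and the address field of each rule is read the way the thread's authors read it, as the host whose traffic is being matched. Confirm that last point against ipnat(5) before relying on this for a production ruleset, since the thread itself leaves the exclusion rule's correctness open.

```python
"""Added example (not from the thread or m0n0wall): m0n0wall NAT rule -> ipnat
rdr line, plus a first-match simulation that flags the redirect loop described
in the thread."""
import ipaddress
import re
import xml.etree.ElementTree as ET
from typing import List, NamedTuple, Optional

# Interface alias -> adapter name. Assumed mapping, taken from the thread (lan = xl0).
IFACE_MAP = {"lan": "xl0"}

# Shape of the rdr lines quoted in the thread:
#   rdr <iface> <addr/mask> port <dport> -> <target> port <tport> <proto>
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<addr>\S+)\s+port\s+(?P<dport>\d+)"
    r"\s*->\s*(?P<target>\S+)\s+port\s+(?P<tport>\d+)\s+(?P<proto>\w+)$"
)


class RdrRule(NamedTuple):
    iface: str
    # ASSUMPTION: read as the host(s) whose traffic is matched, the way the
    # thread's authors read it. Check ipnat(5) for the real match semantics.
    addr: ipaddress.IPv4Network
    dport: int
    target: str
    tport: int
    proto: str


def nat_rule_to_rdr(rule_xml: str) -> str:
    """Render a m0n0wall <rule> the way the thread describes m0n0wall doing it:
    the chosen interface becomes the adapter name and the address is always
    0.0.0.0/0. The port pairing (local-port on the match side, external-port on
    the target side) follows the rule and its resulting rdr line as quoted."""
    r = ET.fromstring(rule_xml)
    iface = IFACE_MAP[r.findtext("interface")]
    return (f"rdr {iface} 0.0.0.0/0 port {r.findtext('local-port')} "
            f"-> {r.findtext('target')} port {r.findtext('external-port')} "
            f"{r.findtext('protocol')}")


def parse_rules(text: str) -> List[RdrRule]:
    """Parse rdr lines in file order, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RDR_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised rdr line: {line!r}")
        rules.append(RdrRule(m["iface"],
                             ipaddress.ip_network(m["addr"], strict=False),
                             int(m["dport"]), m["target"], int(m["tport"]),
                             m["proto"]))
    return rules


def first_match(rules: List[RdrRule], iface: str, host: str,
                dport: int, proto: str = "tcp") -> Optional[RdrRule]:
    """Rules are walked in order and the first match wins (assumed ipnat
    behaviour, and what the thread's ordering argument depends on)."""
    ip = ipaddress.ip_address(host)
    for r in rules:
        if (r.iface == iface and r.proto == proto
                and r.dport == dport and ip in r.addr):
            return r
    return None


def redirects_proxy_to_itself(rules: List[RdrRule], proxy_ip: str,
                              proxy_port: int, iface: str) -> bool:
    """The loop reported in the thread: the proxy's own outbound port-80
    traffic is caught by the catch-all and sent to the proxy's listening port."""
    hit = first_match(rules, iface, proxy_ip, 80)
    return hit is not None and hit.target == proxy_ip and hit.tport == proxy_port


# Constructed from the text quoted in the thread.
NAT_RULE_XML = """<rule>
  <protocol>tcp</protocol>
  <external-port>3128</external-port>
  <target>10.10.1.6</target>
  <local-port>80</local-port>
  <interface>lan</interface>
  <descr>HTTP to Squid</descr>
</rule>"""

CATCHALL_ONLY = "rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp\n"

EXCLUDE_FIRST = """
# Exclusion for the proxy host first, then the catch-all (the thread's proposed order).
rdr xl0 10.10.1.6/32 port 80 -> 127.0.0.1 port 80 tcp
rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp
"""


def demo() -> dict:
    return {
        "generated": nat_rule_to_rdr(NAT_RULE_XML),
        "loop_with_catchall_only": redirects_proxy_to_itself(
            parse_rules(CATCHALL_ONLY), "10.10.1.6", 3128, "xl0"),
        "loop_with_exclusion_first": redirects_proxy_to_itself(
            parse_rules(EXCLUDE_FIRST), "10.10.1.6", 3128, "xl0"),
        "client_target": first_match(
            parse_rules(EXCLUDE_FIRST), "xl0", "10.10.1.50", 80).target,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the catch-all alone matches the squid host's own traffic and loops it, while the exclusion placed first leaves ordinary LAN clients redirected to 10.10.1.6:3128 and the squid host untouched; swapping the two lines reintroduces the loop, which is why the ordering the thread argues about matters even before the destination of the exclusion rule is settled.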