Well men, I keep reading it. I would like to know if it worked for you, and how you finally did it?

2006/2/6, Ryan Wagoner <Ryan at wgnrs dot dynu dot com>:
> Alright so I can't figure out how to add the rdr rule manually. You normally have to add it to the ipnat file and then reload the ipnat config, which flushes everything out.
>
> The following will give me this rdr rule, but now squid is being looped back to itself.
>
> rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp
>
> <rule>
> <protocol>tcp</protocol>
> <external-port>3128</external-port>
> <target>10.10.1.6</target>
> <local-port>80</local-port>
> <interface>lan</interface>
> <descr>HTTP to Squid</descr>
> </rule>
>
> m0n0wall looks to take whatever interface you specify and throw the adapter name and 0.0.0.0/0 in for the rdr rule. So there looks to be no way to make the 2nd rdr rule.
>
> rdr xl0 10.10.1.6/32 port 80 -> 127.0.0.1 port 80 tcp
>
> -----Original Message-----
> From: Ryan Wagoner [mailto:Ryan at wgnrs dot dynu dot com]
> Sent: Mon 2/6/2006 12:50 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy
>
> Okay so I figured out the rdr rules. I found an example on a website and it seems to make sense. They should be the following.
>
> rdr xl0 10.10.1.6/32 port 80 -> 127.0.0.1 port 80 tcp
> rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3128 tcp
>
> So this would do what I want and allow squid traffic out through the localhost, and the rest gets directed through squid. Now I doubt there's any way to retrofit this into a nat rule for the config.xml file. When I get home I should be able to use exec.php and run the commands. If so, is there a way I can execute these commands at each reboot? Or am I looking at having to make a custom image for the router?
>
> Thanks,
> Ryan Wagoner
>
> ________________________________
>
> From: Jason Brunk [mailto:jbrunk at wthosting dot com]
> Sent: Mon 2/6/2006 12:40 PM
> To: Ryan Wagoner; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy
>
> If I remember correctly you can add a rule like
>
> no rdr
>
> And that will say do not redirect for this; however, I have not had much luck with getting this to work on one of my bsd boxes.
>
> Jason
>
> -----Original Message-----
> From: Ryan Wagoner [mailto:Ryan at wgnrs dot dynu dot com]
> Sent: Monday, February 06, 2006 12:36 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Settings For Squid Transparent Proxy
>
> I've done some reading on FreeBSD and squid and it looks like I need to use rdr rules to route the traffic. It seems to me that m0n0wall takes the nat section of the config.xml file and generates the rdr rules from it.
>
> It looks like the rdr rule needs to look like something below. This would take all the traffic coming to m0n0wall on port 80 on the lan interface (xl0) and direct it to my squid machine.
>
> # Redirect everything else to squid on port 3127
> rdr xl0 0.0.0.0/0 port 80 -> 10.10.1.6 port 3127 tcp
>
> However it is going to form a continuous loop redirecting squid traffic back to squid. So it looks like I need another rule added above the rule above. This way squid traffic could go out but all other traffic would go to squid.
>
> # Redirect direct proxy traffic to internet.
> rdr xl0 10.10.1.6/32 port 80 -> ????? port 80 tcp
>
> The problem lies where the ??? marks are, as I don't know what to put for the destination ip.
>
> From here how do I get this in the format below? I'm having problems figuring out how I specify 10.10.1.6/32.
>
> <nat>
> <rule>
> <protocol>tcp</protocol>
> <external-port>25</external-port>
> <target>192.168.1.5</target>
> <local-port>25</local-port>
> <interface>lan</interface>
> <descr>redirect SMTP to LAN SMTP server</descr>
> </rule>
> </nat>
>
> Any help on this would be greatly appreciated.
>
> ________________________________
>
> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> Sent: Thu 2/2/2006 2:45 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Settings For Squid Transparent Proxy
>
> From: "Ryan Wagoner" <Ryan at wgnrs dot dynu dot com>
>
> > I have m0n0wall setup between my DSL modem and home network.
> > Its IP is 10.10.1.1. I have a Fedora squid server running at 10.10.1.6.
> > What I want to do is setup a rule so that any outbound traffic on port
> > 80 not coming from squid 10.10.1.6 gets redirected to squid. That way
> > I can have a transparent proxy for port 80. How do I go about doing this?
> > I know I need the rule on the LAN side, but can the rules page
> > redirect traffic?? I thought this was only possible from NAT. I just
> > don't want to put in some random rules and upset the network.
>
> Chris posted this a while back...
>
> Lee
>
> I recall something in the archives about somebody doing something similar using a hacked NAT rule.
>
> Like manually put something like this in your config.xml backup and restore it.
>
> <nat>
> <rule>
> <protocol>tcp</protocol>
> <external-port>25</external-port>
> <target>192.168.1.5</target>
> <local-port>25</local-port>
> <interface>lan</interface>
> <descr>redirect SMTP to LAN SMTP server</descr>
> </rule>
> </nat>
>
> where 192.168.1.5 is your SMTP server.
>
> That might really screw stuff up though, so test it thoroughly first to make sure it has no unintended consequences (if it works at all).
>
> If someone tries it, please let me know if it works.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
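Added example, not part of the thread and not m0n0wall or IPFilter code: a small Python model of how the two-rule arrangement discussed above behaves under ordered, first-match redirect evaluation. It exists to show the failure mode Ryan ran into (the catch-all rule sending squid's own port 80 fetches back to squid) and why the exemption has to come before the catch-all. The rule model is deliberately simplified (match on source network and destination port only; a rule with no target stands in for the pass-through effect Jason describes with "no rdr"), so it is not a parser for ipnat syntax. Hosts and ports are the thread's own; the LAN client 10.10.1.50 and origin server 203.0.113.10 are constructed for the probe.

```python
"""Simplified model of first-match redirect (rdr) rule evaluation.

Added example; not code from the thread or from m0n0wall/IPFilter. Only
source network and destination port are matched, and a rule whose target is
None stands in for a pass-through ("no rdr") exemption.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rdr:
    src_net: str            # source network the rule applies to, e.g. "0.0.0.0/0"
    dport: int              # destination port to match
    target: Optional[str]   # "host:port" to redirect to, or None = leave untouched


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def apply_rdr(rules: List[Rdr], pkt: Packet) -> Tuple[str, int]:
    """Return the (dst, dport) the packet reaches after the first matching rule.

    Rules are scanned in order; the first one whose source network contains
    pkt.src and whose port equals pkt.dport decides. No match means no NAT.
    """
    src_ip = ipaddress.ip_address(pkt.src)
    for rule in rules:
        if pkt.dport != rule.dport:
            continue
        if src_ip not in ipaddress.ip_network(rule.src_net, strict=False):
            continue
        if rule.target is None:          # exemption: destination left alone
            return (pkt.dst, pkt.dport)
        host, port = rule.target.rsplit(":", 1)
        return (host, int(port))
    return (pkt.dst, pkt.dport)


def redirect_loops(rules: List[Rdr], proxy_ip: str, proxy_port: int) -> bool:
    """True if the proxy's own outbound HTTP would be handed back to the proxy.

    Squid fetches origin servers on port 80 from proxy_ip; if the rule set
    redirects that probe to proxy_ip:proxy_port, the proxy talks to itself.
    """
    probe = Packet(src=proxy_ip, dst="203.0.113.10", dport=80)  # constructed origin server
    return apply_rdr(rules, probe) == (proxy_ip, proxy_port)


PROXY_IP, PROXY_PORT = "10.10.1.6", 3128
CATCH_ALL = Rdr("0.0.0.0/0", 80, f"{PROXY_IP}:{PROXY_PORT}")   # all LAN HTTP -> squid
EXEMPT_PROXY = Rdr(f"{PROXY_IP}/32", 80, None)                  # squid's own HTTP untouched

# Three orderings worth comparing before loading anything on the firewall.
RULESETS = {
    "catch-all only": [CATCH_ALL],
    "exemption first": [EXEMPT_PROXY, CATCH_ALL],
    "exemption second": [CATCH_ALL, EXEMPT_PROXY],
}


def loop_report() -> dict:
    """Map each ruleset name to whether it loops squid's traffic back to squid."""
    return {name: redirect_loops(rules, PROXY_IP, PROXY_PORT)
            for name, rules in RULESETS.items()}


if __name__ == "__main__":
    for name, loops in loop_report().items():
        print(f"{name:17s}: {'LOOP' if loops else 'ok'}")
    client = Packet("10.10.1.50", "203.0.113.10", 80)            # constructed LAN client
    print("LAN client HTTP ->", apply_rdr(RULESETS["exemption first"], client))
```

The point the model makes is the one the thread circles around: with first-match evaluation the exemption only works if it is listed before the catch-all, and swapping the two reintroduces the loop. It also shows why the m0n0wall NAT form in config.xml cannot express the fix, since that form carries no source-address field, only protocol, ports, target and interface. Before trusting a hand-edited rule set on a real box, list what the kernel actually loaded (on IPFilter, `ipnat -l`) and confirm the order matches what you intended.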