Re: [m0n0wall] m0n0 and squid

From:	Lee Sharp <leesharp at hal dash pc dot org>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] m0n0 and squid
Date:	Fri, 02 Mar 2007 08:57:54 -0600

Henning Andreseck wrote:
> hi,
> i want to set up a squid before the m0n0wall. i thougt about deny all
> traffic from my lan (192.168.17.0/24) to the WAN. and allow only the
> proxy. is this right? i'm not shure. can i get direct access for a server?
> maby with opening port 80&21 only for the ip of my server?
> thank you.


This is an old e-mail about mail servers, but should work for squid.

Jonathan De Graeve wrote:

 >> Van: Matt Juszczak [mailto:matt at atopia dot net]

 >> For a client, we need to redirect all outgoing port 25 connections
 >> through the m0n0wall to a specific IP/port on the INTERNAL lan (so in
 >> other words, capture all outgoing port 25 connections and redirect
 > them to
 >> a specific IP on port 25).... this is to force use of a specific SMTP
 >> server seamlessly.
 >>
 >> Is this possible?


 > Yes, put this between your nat tags
 >
 > 		<rule>
 > 			<protocol>tcp</protocol>
 > 			<external-port>25</external-port>
 > 			<target>serveripinhere</target>
 > 			<local-port>25</local-port>
 > 			<interface>lan</interface>
 > 			<descr>redirect SMTP to LAN SMTP server</descr>
 > 		</rule>
 >
 > J.