 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Weird setup
 Date:  Wed, 15 Aug 2007 22:13:54 -0500
Mike wrote:
> Chris Bagnall wrote:
>>>> How, if at all, would I go about configuring this? Essentially IPcop
>>>> does not need to act as a firewall, it has to pass the IPsec traffic
>>>> through to the m0n0 box. It only needs to act as a proxy. Should I
>>>> just ditch the m0n0 in favor of IPcop? Hate to do it.
>>
>> As someone who moved from IPCop to m0n0wall a few years ago, I'd 
>> strongly advise against going back.
>>
>> Your best bet might be to use a bog-standard Linux box in a separate 
>> subnet running squid. Set up rules to push everything on port 80 from 
>> the three LANs through the squid box and you should achieve the 
>> transparent caching you desire. It's been a good 4 or 5 years since I 
>> last worked with squid, but I do remember it working fairly successfully.
>>
>> Regards,
>>
>> Chris
> 
> Excellent suggestion that never even crossed my mind. Thanks! I will 
> give that a shot. Any ideas how I might direct HTTP traffic through that 
> box though? Outbound rules on a per internal interface basis?

Let me shamelessly post something Chris posted on 10/3/05...

I recall something in the archives about somebody doing something
similar using a hacked NAT rule.

Like manually put something like this in your config.xml backup and
restore it.

  <nat>
    <rule>
      <protocol>tcp</protocol>
      <external-port>25</external-port>
      <target>192.168.1.5</target>
      <local-port>25</local-port>
      <interface>lan</interface>
      <descr>redirect SMTP to LAN SMTP server</descr>
    </rule>
  </nat>

where 192.168.1.5 is your SMTP server.

That might really screw stuff up though, so test it thoroughly first
to make sure it has no unintended consequences (if it works at all).

If someone tries it, please let me know if it works.

-Chris
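
The config.xml edit described above, made with an XML parser instead of by hand so that a malformed field or a broken backup is caught before the restore. This is an added example, not part of the original posts or of m0n0wall. The `add_nat_rule` helper and the `<m0n0wall>` root and `<interfaces>` layout of the sample backup are assumptions, and it does not show whether the firewall honours such a rule.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample backup; a real config.xml carries many more sections.
# The <m0n0wall> root and <interfaces> layout are assumptions of this example.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<m0n0wall>
  <interfaces><lan><if>sis0</if></lan></interfaces>
  <nat/>
</m0n0wall>"""

FIELDS = ("protocol", "external-port", "target", "local-port", "interface", "descr")

def add_nat_rule(config_xml, protocol, port, target, interface, descr):
    """Hypothetical helper: return config_xml with one <nat><rule> added."""
    if protocol not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    ipaddress.IPv4Address(target)      # ValueError on a malformed address
    if not interface.isalnum():
        raise ValueError("bad interface name")
    root = ET.fromstring(config_xml)   # ParseError if the backup is not well-formed
    if root.find("interfaces/" + interface) is None:
        raise ValueError("interface %r is not defined in this backup" % interface)
    nat = root.find("nat")
    if nat is None:
        nat = ET.SubElement(root, "nat")
    values = dict(zip(FIELDS, (protocol, str(port), target, str(port), interface, descr)))
    for rule in nat.findall("rule"):
        # Same match fields (everything but the description): nothing to add.
        if all(rule.findtext(k) == values[k] for k in FIELDS[:5]):
            return config_xml
    rule = ET.SubElement(nat, "rule")
    for key in FIELDS:
        ET.SubElement(rule, key).text = values[key]
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    # Values taken from the rule quoted in the post.
    print(add_nat_rule(SAMPLE_CONFIG, "tcp", 25, "192.168.1.5", "lan",
                       "redirect SMTP to LAN SMTP server"))
```

Diff the returned text against the original backup before restoring it, and keep the untouched backup so the change can be rolled back.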