Redirecting *internal* traffic

From:	Hilton Travis <Hilton at QuarkAV dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Redirecting internal traffic
Date:	Sat, 24 Apr 2004 09:15:29 +1000

Hi All,

Posting of this was kinda prompted by Fred's recent "Transparent proxy
support?" question.

I have a project in mind where m0n0wall will play an important part.  A
part of what I want to do is to *not* have a squid box directly inline
with the m0n0wall box, simply to reduce the number of points of failure
in the Internet connection - if I place a squid box between m0n0wall and
the network, if the squid box b0rks, the Internet connection b0rks.

So, what I'd like to be able to do is to have a rule/ruleset on m0n0wall
that redirects all LAN->WAN requests for http/ftp traffic to the squid
server, and only accept http and ftp traffic from the squid server.

This would mean that if the squid box dies, email will still function.

Any clues on relevant rules?

-- 

Regards,

Hilton Travis                   Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual      Phone: +61-(0)419-792-394
         Quark Computers         http://www.QuarkAV.com/
(Brisbane, Australia)            http://www.QuarkAV.net/

Open Source Projects:		http://www.ares-desktop.org/
				http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.