Jürgen Mell wrote:
[...] So far - so good. But what I am missing now is the masquerading of the IP address of the computer on the internal network (it gets a dynamic IP from the private address range 192.168.x.y). In the firewall script I have disabled masquerading (FW_MASQUERADE="no") to prevent any packets going out without using the squid proxy.
Is there any way to open direct connections from the internal network _only_ for destination ports 8000 to 8006 without opening everything else (file-sharing networks etc.)? What iptables commands do I need for this purpose? Is there any better way to get this wounderful piece of software to work?
FW_MASQUERADE=yes FW_MASQ_NETS="192.168.0.0/24,0/0,tcp,8000:8006" It defeats the whole purpose of your proxy setup as one can run anything at port 8000 though. So it's probably a good idea to further restrict both IP ranges. Maybe elster also works with a socks proxy or can be tricked to use one with socksify. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/