Hi, I had the same problem while setting up my Firewall/Proxy. The problem seems to be an incorrect piece of sample code within the default firewall config file. At last I simply followed to the sample code from the Suse Network Booklet, where the redirect command looks like this: FW_REDIRECT_TCP='192.xxx.xxx.xxx/yy,0/0,80,3128' or FW_REDIRECT_UDP='192.xxx.xxx.xxx/yy,0/0,80,3128' this can be done for ftp and https as well. Since my Firewall/Proxy are continuously running. Hope, this will go with you as well. rgds Andreas Niederstadt Am Donnerstag den, 13. Dezember 2001, um 16:16, schrieb Robert Szentmihalyi:
Hi,
I have set up a DSL router (SuSE Linux 7.3, kernel 2.4.16 + grsecurity-1.9) which does packet filtering with SuSEfirewall2
Now, because of the problems some sites with impropery configured firewalls (like www.gmx.de and www.postbank.de) have with Path MTU discovery, I have set up squid on the router.
The sites are accessible now, but I don't seem to get SuSEfirewall2 to transparently redirect http traffic to port 3128, so that I don't have to configure each client to use the proxy.
I set FW_SERVICE_SQUID="yes" and FW_REDIRECT="192.168.100.0/24,0/0,tcp,80,3128" but it doesn't seem to help much... Any ideas on what I could have overlooked?
Any better solutions to the MTU problem are also greatly appreciated.
TIA, Robert
-- Where do you want to be tomorrow?
Entracom. Building Linux systems. http://www.entracom.de
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––– Niederstadt EDV Service Lettenstrasse 29 D - 79424 Auggen Tel: +49 (0)7631 173715 Fax: +49 (0)7631 173716 E-Mail: adowntown@mac.com ––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––