On Wed October 27 2004 10:14 am, Davide Braghiroli wrote:
I, my name is Davide and I would ask you if you can help me with a SuSEfirewall2 problem.
I've the transparent proxy and I've set the rule:
Fw_redirect="172.16.1.0/24,!111.111.111.111/26,tcp,80,8080"
111.111.111.111 is an example. I need to exclude from the redirect 2 or more ips, how can I do?
Please help me if you can.
Thanks, Davide
From file:/usr/share/docs/SuSEfirewall2/SuSEfirewall2.sysconfig ## Type: string # 15.) # Which accesses to services should be redirected to a localport on the # firewall machine? # # This can be used to force all internal users to surf via your squid proxy, # or transparently redirect incoming webtraffic to a secure webserver. # # Choice: leave empty or use the following explained syntax of redirecting # rules, seperated by a space. # A redirecting rule consists of 1) source IP/net, 2) destination IP/net, # 3) protocol (tcp or udp) 3) original destination port and 4) local port to # redirect the traffic to, seperated by a colon. e.g.: # "10.0.0.0/8,0/0,tcp,80,3128 0/0,172.20.1.1,tcp,80,8080" # Please note that as 2) destination, you may add '!' in front of the IP/net # to specify everything EXCEPT this IP/net. # FW_REDIRECT="" Which in your case might look like this where the first is allowed and the second and third are not allowed. FW_REDIRECT="172.16.1.0/24,aaa.bbb.ccc.ddd,tcp,80,8080 172.16.1.0/24,!111.111.111.111/26,tcp,80,8080 0/0,!222.222.222.222/26,tcp,80,8080" And also note: http://portal.suse.com/sdb/en/2004/08/kssingvo_squid_transparent_proxy.html Which had me going for a while. squid-2.5.STABLE6 works for me. Stan