Introduction
Enter your redirector rules here. You need to enter the following
for each rule:
- Rule Number: This defines where the rule is entered into
the list. For example, to enter a new rule between 100 and 200,
number it "150". The rules will be re-numbered on each iteration
of the firewall, so you can continue entering rules between each
new pair of rules. If you leave this blank then the rule will go
at the end of the rule set.
- Source: Select a source network object (where the packet
is coming from).
- Destination: Select a destination network object (where the
packet is going to).
- Protocol: Select a network protocol, udp or tcp.
- From Port: What port the redirection is starting from
(what port the packet was originally sent to). For example, to redirect
traffic for external web servers, enter the port name www.
- To Port: Select the port that
the packet is to be redirected to. For example, if you have a squid
proxy server on the firewall, listening on port squidproxy, then
enter the port name squidproxy.
Note that the From Port and To Port must both use
the same protocol. You cannot redirect a TCP connection to a UDP port.
You also need to have CONFIG_IP_TRANSPARENT_PROXY defined in your
kernel. The connection will always be redirected to a socket on
the local (firewall) host -- if you want to redirect it elsewhere
then you must use in.tproxyd from the transproxy package.

What is Redirection?
Redirection is used for transparent proxies.
You can use redirection to "catch" outgoing WWW requests going through
your firewall, and redirect them to a proxy server running on the firewall.
The proxy server must be capable of acting as a transparent proxy
(e.g. squid). Make sure that you have defined the following directives
in the squid configuration file (Squid 2.x transparent-proxy settings):
    httpd_accel_host virtual            # accept requests for any origin host
    httpd_accel_port 80                 # port the origin web servers listen on
    httpd_accel_with_proxy on           # keep acting as a normal proxy as well
    httpd_accel_uses_host_header on     # pick the origin from the HTTP Host header
You need to have masquerading turned on for a network object in order
for redirection for that network object to work.

Example Rules
Here is the basic squid redirection rule:
    Source     Destination  Protocol  From Port  To Port
    ETH0_NET   ALL          tcp       www        squidproxy

Tricks and Traps
There are no functions to renumber, copy, or move a rule in this system.
Some ways around this include:
- To copy a rule: Click on the "Edit" icon, and change the rule number.
For example, to make a copy of rule 3100, edit it, and change the rule
number field in the edit window to 3150. When this is saved it will appear
as a new rule.
- To move or renumber a rule: Copy the rule to the new location, then
delete the old rule.
- To delete a bunch of rules: Click the delete button multiple times.
How lazy can you get?
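The rule-number insertion and renumbering behaviour from the Introduction, the two constraints a rule must satisfy (From Port and To Port share the rule's protocol; the source object has masquerading on), and the copy/move tricks above can be modelled in a few dozen lines. The following is an added example written for this page, not code from the firewall tool itself: the renumbering step (multiples of 100), the port-name table and the list of masqueraded network objects are all assumptions constructed for the example.

```python
"""Added example (not the firewall tool's own code): a model of the redirector
rule list. Rules are inserted by rule number (blank number = append), the list is
renumbered after every change, and each rule is checked against the constraints
the help text states. Renumbering step, port names and masquerading table are
assumptions made for this example."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

# Constructed port-name table: 'www' is the standard name for TCP 80;
# 'squidproxy' is a site-defined name assumed here to be Squid's TCP listener.
PORT_NAMES = {
    "www": ("tcp", 80),
    "squidproxy": ("tcp", 3128),
    "domain": ("udp", 53),
}

# Constructed network objects and whether masquerading is enabled for each.
MASQUERADED = {"ETH0_NET": True, "DMZ_NET": False, "ALL": False}

RENUMBER_STEP = 100  # assumption: rules are renumbered 100, 200, 300, ...


@dataclass
class Rule:
    source: str
    destination: str
    protocol: str
    from_port: str
    to_port: str
    number: Optional[int] = None  # None = "leave blank", goes at the end


def validate(rule: Rule) -> None:
    """Reject rules the help text says cannot work."""
    if rule.protocol not in ("tcp", "udp"):
        raise ValueError(f"protocol must be tcp or udp, got {rule.protocol!r}")
    for name in (rule.from_port, rule.to_port):
        if name not in PORT_NAMES:
            raise ValueError(f"unknown port name {name!r}")
        proto, _ = PORT_NAMES[name]
        if proto != rule.protocol:
            # A TCP connection cannot be redirected to a UDP port, or vice versa.
            raise ValueError(f"port {name!r} is {proto}, rule is {rule.protocol}")
    if not MASQUERADED.get(rule.source, False):
        raise ValueError(f"masquerading is off for {rule.source}; redirection will not work")


class RuleSet:
    def __init__(self) -> None:
        self.rules: list[Rule] = []

    def add(self, rule: Rule) -> None:
        """Insert by rule number (blank number appends), then renumber."""
        validate(rule)
        if rule.number is None:
            self.rules.append(rule)
        else:
            # Place the rule before the first existing rule with a larger number,
            # so "150" lands between 100 and 200.
            idx = next((i for i, r in enumerate(self.rules) if r.number > rule.number),
                       len(self.rules))
            self.rules.insert(idx, rule)
        self.renumber()

    def renumber(self) -> None:
        """What the firewall does on each iteration: evenly spaced numbers again."""
        for i, r in enumerate(self.rules, start=1):
            r.number = i * RENUMBER_STEP

    def get(self, number: int) -> Rule:
        for r in self.rules:
            if r.number == number:
                return r
        raise KeyError(number)

    def copy(self, number: int, new_number: int) -> None:
        """The 'edit it and change the rule number' trick: same fields, new position."""
        src = self.get(number)
        self.add(Rule(src.source, src.destination, src.protocol,
                      src.from_port, src.to_port, new_number))

    def move(self, number: int, new_number: int) -> None:
        """Copy the rule to the new location, then delete the old one."""
        src = self.get(number)
        self.copy(number, new_number)
        self.rules.remove(src)
        self.renumber()

    def numbers(self) -> list[int]:
        return [r.number for r in self.rules]
```

The `validate` step is where a real tool should fail loudly: a rule whose ports disagree on protocol, or whose source object is not masqueraded, is accepted by the form but silently does nothing on the firewall.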