Help: Redirector Rules
 
Introduction

Enter your redirector rules here. You need to enter the following for each rule:
  • Rule Number: This defines where the rule is placed in the list. For example, to enter a new rule between rules 100 and 200, number it 150. The rules are renumbered each time the firewall rules are regenerated, so there is always room to insert a rule between any two existing rules. If you leave this blank, the rule goes at the end of the rule set.
  • Source: Select a source network object (where the packet is coming from).
  • Destination: Select a destination network object (where the packet is going to).
  • Protocol: Select the network protocol, tcp or udp.
  • From Port: The port the redirection starts from, i.e. the port the packet was originally sent to. For example, to redirect traffic bound for external web servers, enter the port name www.
  • To Port: The port the packet is to be redirected to. For example, if a squid proxy server on the firewall listens on the port named squidproxy, enter the port name squidproxy.
Note that the From Port and To Port must both use the same protocol. You cannot redirect a TCP connection to a UDP port.

You also need CONFIG_IP_TRANSPARENT_PROXY enabled in your kernel. The connection is always redirected to a socket on the local (firewall) host; to redirect it to another host you must use in.tproxyd from the transproxy package.


What is Redirection?
Redirection is used for transparent proxies.

You can use redirection to "catch" outgoing WWW requests going through your firewall, and redirect them to a proxy server running on the firewall.

The proxy server must be capable of acting as a transparent proxy (e.g. squid). Make sure that you have defined the following directives in the squid configuration file (these httpd_accel_* directives are for squid 2.x; later squid releases replace them with the transparent, later renamed intercept, option on http_port):

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Masquerading must be turned on for a network object before redirection for that network object will work.
Example Rules
Here is the basic squid redirection rule:

  Source     Destination  Protocol  From Port  To Port
  ETH0_NET   ALL          tcp       www        squidproxy

Tricks and Traps
There are no functions to renumber, copy, or move a rule in this system. Some ways around this include:
  • To copy a rule: Click on the "Edit" icon, and change the rule number. For example, to make a copy of rule 3100, edit it, and change the rule number field in the edit window to 3150. When this is saved it will appear as a new rule.
  • To move or renumber a rule: Copy the rule to the new location, then delete the old rule.
  • To delete a bunch of rules: Click the delete button multiple times. How lazy can you get?
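The following is an added example that models the rule list described in the Introduction, the basic squid rule in Example Rules, and the copy/move tricks above; it is not code from this firewall tool. It assumes things the page does not state: that rules are renumbered to multiples of 100 after every save, that network objects are name -> (CIDR, masquerading flag) pairs, that port names carry the protocol they are defined for, and that the generated command uses ipchains REDIRECT syntax (the page never names its backend, so treat that output as illustrative). The network objects and port names are constructed for the example.

```python
"""Model of a redirector rule list: numbering, validation, copy and move.

Added example, not the firewall tool's own code. Assumptions not stated by
the page: renumbering in steps of 100, name -> (CIDR, masqueraded) network
objects, port names tagged with a protocol, and ipchains as the backend.
"""
from dataclasses import dataclass
from typing import List, Optional

PROTOCOLS = ("tcp", "udp")

# Constructed network objects: name -> (CIDR, masquerading enabled?).
NETWORK_OBJECTS = {
    "ETH0_NET": ("192.168.1.0/24", True),
    "DMZ_NET": ("10.0.0.0/24", False),
    "ALL": ("0.0.0.0/0", False),
}

# Constructed port names: name -> (port number, protocol it is defined for).
PORT_NAMES = {
    "www": (80, "tcp"),
    "squidproxy": (3128, "tcp"),
    "domain": (53, "udp"),
}


@dataclass(eq=False)  # identity comparison: two rules with equal fields stay distinct
class Rule:
    source: str
    destination: str
    protocol: str
    from_port: str
    to_port: str
    number: int = 0


class RuleSet:
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def validate(self, rule: Rule) -> None:
        if rule.protocol not in PROTOCOLS:
            raise ValueError(f"protocol must be tcp or udp, got {rule.protocol!r}")
        for name in (rule.source, rule.destination):
            if name not in NETWORK_OBJECTS:
                raise ValueError(f"unknown network object {name!r}")
        # From Port and To Port must both be ports of the rule's protocol:
        # a TCP connection cannot be redirected to a UDP port.
        for port in (rule.from_port, rule.to_port):
            if port not in PORT_NAMES:
                raise ValueError(f"unknown port name {port!r}")
            if PORT_NAMES[port][1] != rule.protocol:
                raise ValueError(f"port {port!r} is not a {rule.protocol} port")
        # Redirection only works for a source object that is masqueraded.
        if not NETWORK_OBJECTS[rule.source][1]:
            raise ValueError(f"masquerading is not enabled for {rule.source!r}")

    def renumber(self) -> None:
        """Renumber in steps of 100 (assumed scheme) so rules can be slotted between."""
        for i, rule in enumerate(self.rules, start=1):
            rule.number = i * 100

    def add(self, rule: Rule, number: Optional[int] = None) -> Rule:
        """Insert at `number`; None (a blank Rule Number field) means at the end."""
        self.validate(rule)
        last = self.rules[-1].number if self.rules else 0
        rule.number = last + 1 if number is None else number
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.number)  # stable: equal number lands after
        self.renumber()
        return rule

    def get(self, number: int) -> Rule:
        for rule in self.rules:
            if rule.number == number:
                return rule
        raise KeyError(number)

    def copy(self, number: int, new_number: int) -> Rule:
        """'Edit' a rule and change its number: it is saved as a new rule."""
        src = self.get(number)
        dup = Rule(src.source, src.destination, src.protocol, src.from_port, src.to_port)
        return self.add(dup, new_number)

    def move(self, number: int, new_number: int) -> Rule:
        """Copy to the new slot, then delete the old rule.

        The old rule is held by identity: the renumbering that follows the
        copy may have changed its number, so deleting by number would be wrong.
        """
        old = self.get(number)
        dup = self.copy(number, new_number)
        self.rules.remove(old)
        self.renumber()
        return dup

    def numbers(self) -> List[int]:
        return [r.number for r in self.rules]

    def to_ipchains(self, rule: Rule) -> str:
        """Render one rule as an ipchains REDIRECT command (assumed backend)."""
        src = NETWORK_OBJECTS[rule.source][0]
        dst = NETWORK_OBJECTS[rule.destination][0]
        return (f"ipchains -A input -p {rule.protocol} -s {src} -d {dst} "
                f"{PORT_NAMES[rule.from_port][0]} -j REDIRECT {PORT_NAMES[rule.to_port][0]}")


def rejects(rule: Rule) -> bool:
    """True if the rule fails validation (used to show the caveats above)."""
    try:
        RuleSet().validate(rule)
    except ValueError:
        return True
    return False


def squid_example() -> RuleSet:
    """The page's basic squid rule plus a constructed UDP rule, in one rule set."""
    rs = RuleSet()
    rs.add(Rule("ETH0_NET", "ALL", "tcp", "www", "squidproxy"))
    rs.add(Rule("ETH0_NET", "ALL", "udp", "domain", "domain"))
    return rs
```

Two things the model makes visible that the page only hints at: a rule whose source object is not masqueraded (DMZ_NET here) or whose From Port and To Port belong to different protocols is rejected up front, and "copy then delete the old rule" only works if you re-read the rule numbers after the copy, because the renumbering can shift the old rule's number.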