We are trying to configure shorewall as follows:
1. We have shorewall running at gateway (172.16.1.1) with NAT.
2. We have a number of web servers (172.16.1.x/24). These web servers are accessed through port forwarding at the gateway (172.16.1.1) and websites are visible through virtual hosting through a web re-director.
3. Presently the proxy server runs in a transparent mode, i.e., all web requests go to the gateway at port 80, they get redirected to 3128, content filtering is done there via ufdbguard and acceptable requests are forwarded.
Now we wish to switch to non-transparent mode as follows:
1. Users of our LAN are authenticated on an LDAP server and they are supposed to manually set up proxy settings for their browsers for internet access at port 3128 looking at our
Now the problem we are facing is that with the non-transparent proxy setting from within our Intranet (172.x.y.z/8) we are unable to see our internal websites which are running on 172.16.1.x/24!
The rules we are using in transparent mode are:
For the gateway:
(The external interface is at 210.212.X.Y (eth0)
The internal interface is at 172.16.1.1 (eth1))
# Squid for web access
REDIRECT loc 3128 tcp 80 - !210.212.X.Y
DNAT loc loc:172.16.1.10 tcp www - 210.212.X.Y
eth1:172.16.1.10 eth1 172.16.1.1 tcp www
The routeback option has been set for eth1 as well.
Can someone suggest the revised rules so that we may run this in non-transparent mode as mentioned above and still be able to view the internal webservers through port forwarding?
Thanks in advance.
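An added illustration, not part of the post above: a small model of how Shorewall picks a rule by source zone, port and original destination, fed with the two rules quoted in the post. It assumes that the proxy on the gateway originates its upstream connections from the firewall itself (Shorewall's $FW zone, called "fw" here), so a request that the browser hands to the proxy no longer arrives from the "loc" zone.

```python
# Constructed model of Shorewall rule matching for the rules in the post.
# This is not Shorewall code; zones, addresses and ports come from the post,
# 210.212.X.Y is the post's own placeholder for the public address.
EXT_IP = "210.212.X.Y"
WEB_SERVER = "172.16.1.10"

# (ACTION, SOURCE zone, DEST, PROTO, DPORT, ORIGINAL DEST) as in the rules file
RULES = [
    ("REDIRECT", "loc", "3128", "tcp", 80, "!" + EXT_IP),
    ("DNAT", "loc", "loc:" + WEB_SERVER, "tcp", 80, EXT_IP),
]


def origdest_matches(spec, dst):
    """ORIGINAL DEST column: an address, or '!address' for everything else."""
    if spec.startswith("!"):
        return dst != spec[1:]
    return dst == spec


def first_match(src_zone, dst, dport, proto="tcp"):
    """Return (ACTION, DEST) of the first applicable rule, or None."""
    for action, zone, target, rproto, rport, odst in RULES:
        if (zone == src_zone and rproto == proto and rport == dport
                and origdest_matches(odst, dst)):
            return action, target
    return None


def transparent_browser_to_intranet_site():
    # Transparent mode: the LAN browser connects straight to the public address.
    return first_match("loc", EXT_IP, 80)          # -> ('DNAT', 'loc:172.16.1.10')


def transparent_browser_to_internet():
    # Any other web destination is redirected into the proxy on port 3128.
    return first_match("loc", "198.51.100.7", 80)  # -> ('REDIRECT', '3128')


def proxy_on_gateway_to_intranet_site():
    # Assumed non-transparent mode: the proxy itself fetches the page, so the
    # connection is sourced from the firewall zone, which neither rule names.
    return first_match("fw", EXT_IP, 80)           # -> None


if __name__ == "__main__":
    print(transparent_browser_to_intranet_site())
    print(transparent_browser_to_internet())
    print(proxy_on_gateway_to_intranet_site())
```

The last case is the one that has no DNAT rule to fall back on: a connection from the firewall zone to the public address is matched by neither "loc" rule, which is where the lost access to the internal sites shows up in this model.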