anuj singh
2006-Jan-14 15:19 UTC
squid on shorewall, can open web pages but unable to login to email accounts
Hello!

I have two zones = loc (eth0); internet (eth1).
I have squid running on the firewall, shorewall 2.4.3, SUSE machine, on port 8080.

My /etc/shorewall/masq file has this entry:

#INTERFACE SUBNET
eth1 eth0
#LAST LINE -- DO NOT REMOVE

For allowing local network users to access the internet (web browsing) only through the squid, I added this line into my /etc/shorewall/rules file:

#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# # PORT PORT(S) DEST
ACCEPT fw net all all
REDIRECT loc 8080 tcp www - -
DROP net fw
DROP:info all all
#LAST LINE -- DO NOT REMOVE

My /etc/shorewall/policy file has this entry:

#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
loc net ACCEPT -
net loc DROP info
all all REJECT -
#LAST LINE -- DO NOT REMOVE

How to configure it (squid on firewall)?

Thanks!
--
Anuj Singh
Best Regards
Unix is simple. It just takes a genius to understand its simplicity. --- Dennis Ritchie
Tom Eastep
2006-Jan-14 16:26 UTC
Re: squid on shorewall, can open web pages but unable to login to email accounts
On Saturday 14 January 2006 07:19, anuj singh wrote:
> Hello!
> I have two zones = loc (eth0) ; internet(eth1)
> I have squid running on firewall, shorewall 2.4.3, suse machine and port 8080.
> my /etc/shorewall/masq file has this entry
> #INTERFACE SUBNET
> eth1 eth0
> #LAST LINE -- DO NOT REMOVE
> For allowing local network users to allow internet (web browsing) only
> through the squid I added this line into my /etc/shorewall/rules file
>
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
> # # PORT PORT(S) DEST
>
> ACCEPT fw net all all
> REDIRECT loc 8080 tcp www - -
> DROP net fw
> DROP:info all all
> #LAST LINE -- DO NOT REMOVE
>
> My /etc/shorewall/policy file has this entry
> #SOURCE DEST POLICY LOG LIMIT:BURST
> # LEVEL
> loc net ACCEPT -
> net loc DROP info
> all all REJECT -
> #LAST LINE -- DO NOT REMOVE

You really should have started using Shorewall by following the Shorewall Quickstart Guide appropriate for your version of Shorewall.

> How to configure it (squid on firewall)?

http://www.shorewall.net/Shorewall_Squid_Usage.html

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
anuj singh
2006-Jan-15 13:45 UTC
Re: squid on shorewall, can open web pages but unable to login to email accounts
Squid on firewall port 8080, shorewall version 2.4.3, Linux SUSE
eth1 (zone net) = connected to ISP, eth0 = local (zone loc)

I tried this in my /etc/shorewall/rules file:

ACCEPT fw net
REDIRECT loc 8080 tcp www - -

Still the situation is the same... I can open websites but cannot log in to email accounts via squid.

Also, after using the command shorewall clear, I tried this:

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080

Again the same problem.

thanks and regards
anuj
--
Linux Rocks
Tom Eastep
2006-Jan-15 15:56 UTC
Re: squid on shorewall, can open web pages but unable to login to email accounts
On Sunday 15 January 2006 05:45, anuj singh wrote:
> Squid on firewall port 8080, shorewall version 2.4.3, Linux SUSE
> eth1(zone net) = connected to isp, eth0 = local (zone loc)
>
> I tried this in my /etc/shorewall/rules file
> ACCEPT fw net
> REDIRECT loc 8080 tcp www - -
> still the situation is same...I can open websites but can not login to
> email accounts via squid.

What does that mean? Are these HTTPS web sites where you have webmail accounts or something? I ask because normally Squid has nothing to do with email.

-Tom
anuj singh
2006-Jan-16 04:47 UTC
Re: squid on shorewall, can open web pages but unable to login to email accounts
Yes, these are HTTPS sites. After entering the user name and password it just keeps on searching and a page not found error occurs; on the other hand, pages are opening without any error.

thanks n regards
anuj
Tom Eastep
2006-Jan-16 14:44 UTC
Re: squid on shorewall, can open web pages but unable to login to email accounts
On Sunday 15 January 2006 20:47, anuj singh wrote:
> Yes these are HTTPS sites. After entering the user name and password
> it just keeps on searching and page not found error occurs, on the
> other hand pages are opening without any error.
> thanks n regards

You must use manual proxying with HTTPS. So:

a) Configure your web browsers to use the firewall as an HTTPS proxy.
b) Be sure that TCP port 443 is open from loc->fw; and
c) Be sure that TCP port 443 is open from fw->net.

-Tom
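
Why port 80 can be redirected transparently while HTTPS needs the manual proxy setting described in the reply above, shown as an added Python example (not from the thread, and not Squid or Shorewall code): it classifies the first bytes a plain-HTTP proxy listener would receive in each case. The hostnames and byte strings are constructed, and the function names are hypothetical.

```python
# Added example. All byte strings are constructed samples, not captured traffic.
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

# Port 80 traffic caught by the REDIRECT rule: an ordinary HTTP request.
INTERCEPTED_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
# Browser manually configured to use the proxy for HTTPS: a CONNECT request.
MANUAL_HTTPS = (b"CONNECT mail.example.com:443 HTTP/1.1\r\n"
                b"Host: mail.example.com:443\r\n\r\n")
# What the proxy would see if port 443 were redirected to it: the first
# bytes of a TLS record (truncated sample).
REDIRECTED_TLS = b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01"


def classify_first_bytes(data: bytes) -> str:
    """Name what a plain-HTTP proxy listener has just received."""
    # TLS record: type 0x16 (handshake), major version 0x03, 2-byte length,
    # then handshake type 0x01 (ClientHello). Not parseable as HTTP.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        if parts[0] == b"CONNECT":
            return "http-connect"
        if parts[0] in HTTP_METHODS:
            return "http-request"
    return "unknown"


def connect_target(data: bytes):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    if classify_first_bytes(data) != "http-connect":
        return None
    authority = data.split(b" ")[1].decode("ascii", "replace")
    host, _, port = authority.rpartition(":")
    if not host or not port.isdigit():
        return None
    return host, int(port)


if __name__ == "__main__":
    for name, sample in [("redirected port 80", INTERCEPTED_HTTP),
                         ("manual HTTPS proxy", MANUAL_HTTPS),
                         ("redirected port 443", REDIRECTED_TLS)]:
        print(f"{name:20} -> {classify_first_bytes(sample)} "
              f"{connect_target(sample) or ''}")
```

Only the CONNECT form tells the proxy which host and port to tunnel to; a redirected TLS handshake gives an HTTP parser nothing to act on.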
Wong Chee Chun
2006-Jan-16 19:37 UTC
Re: squid on shorewall, can open web pages but unable to login to email accounts
It would be more helpful if you could provide us the configuration of your squid and your squid's logfiles also. By the way, which version of Squid are you using? Here, we have no problem dealing with Squid + Shorewall.

Oh yeah, I thought Squid was supposed to be running on port 3128 by default, right?

--
Regards,
Wong Chee Chun
Network Engineer
Softmy Co. Ltd (http://www.softmy.com)
anuj singh
2006-Jan-17 05:21 UTC
Re: squid on shorewall, can open web pages but unable to login to email accounts
Thanks! The problem has been solved with your suggestion, i.e.

a) Configured my web browsers to use the firewall as an HTTPS proxy.
b) Opened my port 443 on firewall for local, open from loc->fw; and
c) TCP port 443 is open from fw->net.

regards
Anuj