Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp www ACCEPT loc fw tcp 443 and masq file has entry: eth1 192.192.192.3 xxx.xxx.xxx.xxx Squid is working fine with dansguardian but I can not brows the web with masquerading. My eth1 is connected to the net and eth0 is connected to the local network. thans and regards Anuj -- ===========Linux Rocks ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
The problem has been solved with adding a redirect entry in my /etc/shorewall/rules file( I redirected my dansguardian runnming on 8080 to squid port on 3128): ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp 3128 ACCEPT loc fw 443 On 2/16/06, anuj singh <anujhere@gmail.com> wrote:> Hello Everyone! > I am using shorewall-3.0.5 on suse linux. > Recently we have implemented dansguardian running on 8080 and squid on > port 3128. > Previously (before dans guardian) masquerading was working fine but > after the implementation of dansguardian masquerading is not working. > My rules file has entry > Previous entry was > > ACCEPT loc:192.192.192.3 net > REDIRECT loc 8080 tcp www > ACCEPT loc fw tcp 443 > > and masq file has entry: > eth1 192.192.192.3 xxx.xxx.xxx.xxx > > Squid is working fine with dansguardian but I can not brows the web > with masquerading. My eth1 is connected to the net and eth0 is > connected to the local network. > thans and regards > Anuj > > > -- > ===========> Linux Rocks >-- ===========Linux Rocks ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
A.Huisman@inter.nl.net
2006-Feb-17 09:56 UTC
Re: Re: dansguardian+squid masquerading not working
On Friday 17 February 2006 06:50, anuj singh wrote:> The problem has been solvedAre you sure ?> with adding a redirect entry in my > /etc/shorewall/rules file( I redirected my dansguardian runnming on > 8080 to squid port on 3128): > ACCEPT loc:192.192.192.3 net > REDIRECT loc 8080 tcp 3128IMHO, this wil do it : REDIRECT loc 8080 tcp 80 Age> ACCEPT loc fw 443 > > On 2/16/06, anuj singh <anujhere@gmail.com> wrote: > > Hello Everyone! > > I am using shorewall-3.0.5 on suse linux. > > Recently we have implemented dansguardian running on 8080 and squid on > > port 3128. > > Previously (before dans guardian) masquerading was working fine but > > after the implementation of dansguardian masquerading is not working. > > My rules file has entry > > Previous entry was > > > > ACCEPT loc:192.192.192.3 net > > REDIRECT loc 8080 tcp www > > ACCEPT loc fw tcp 443 > > > > and masq file has entry: > > eth1 192.192.192.3 xxx.xxx.xxx.xxx > > > > Squid is working fine with dansguardian but I can not brows the web > > with masquerading. My eth1 is connected to the net and eth0 is > > connected to the local network. > > thans and regards > > Anuj > > > > > > -- > > ===========> > Linux Rocks > > -- > ===========> Linux Rocks > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
Hello! From local machine the reqests on port 8080(dansguardian running on fw) are redirected to the port 3128 (squid running on fw ). While the machine with 192.192.192.3 in local zone is working fine without configuring proxy for browsing. my /etc/shorewall/rules has entry ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp 3128 ACCEPT loc fw 443 and the masq file has entry ############################################################################### #INTERFACE SUBNET ADDRESS PROTO PORT(S) IPSEC eth1 192.192.192.3 the /etc/shorewall/policy has entry: # LEVEL loc net ACCEPT fw net ACCEPT net all DROP info all all DROP info #LAST LINE -- DO NOT REMOVE Here my local machine 192.192.192.3 is masqueraded and squid running on port 3128 dansgurdian running on port 8080 squid is working with authentication , then the contenet filtering is working ( i can see blocked sites with denied message) On the other hand masqueraded machines are working fine without configuring proxy for browsing. further on shell #iptables -L loc2fw gives Chain loc2fw (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere multiport dports domain,rndc,pop3,smtp ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy ACCEPT icmp -- anywhere anywhere icmp echo-request DROP all -- anywhere anywhere all2all all -- anywhere anywhere thanks and regards anuj On 2/17/06, A.Huisman@inter.nl.net <A.Huisman@inter.nl.net> wrote:> On Friday 17 February 2006 06:50, anuj singh wrote: > > The problem has been solved > > Are you sure ? > > > with adding a redirect entry in my > > /etc/shorewall/rules file( I redirected my dansguardian runnming on > > 8080 to squid port on 3128): > > ACCEPT loc:192.192.192.3 net > > REDIRECT loc 8080 tcp 3128 > > IMHO, this wil do it : REDIRECT loc 8080 tcp 80 > > > Age > > > ACCEPT loc fw 443 > > > > On 2/16/06, anuj singh <anujhere@gmail.com> wrote: > > > Hello Everyone! > > > I am using shorewall-3.0.5 on suse linux. > > > Recently we have implemented dansguardian running on 8080 and squid on > > > port 3128. > > > Previously (before dans guardian) masquerading was working fine but > > > after the implementation of dansguardian masquerading is not working. > > > My rules file has entry > > > Previous entry was > > > > > > ACCEPT loc:192.192.192.3 net > > > REDIRECT loc 8080 tcp www > > > ACCEPT loc fw tcp 443 > > > > > > and masq file has entry: > > > eth1 192.192.192.3 xxx.xxx.xxx.xxx > > > > > > Squid is working fine with dansguardian but I can not brows the web > > > with masquerading. My eth1 is connected to the net and eth0 is > > > connected to the local network. > > > thans and regards > > > Anuj > > > > > > > > > -- > > > ===========> > > Linux Rocks > > > > -- > > ===========> > Linux Rocks > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > > files for problems? Stop! Download the new AJAX search engine that makes > > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642 > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >-- ===========Linux Rocks ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642