Hello All,

I am using shorewall 2.0.7. First I give you my config here and will tell you my problem.

ProxyARP:
    203.77.204.85 eth1 eth0 no

Interface:
    net eth0 203.77.204.87
    loc eth1 192.168.0.255 routeback

Masq:
    eth0 192.168.0.0/24 203.77.204.86

Rules:
    # Squid access
    REDIRECT loc 8080 tcp www - !192.168.0.100
    ACCEPT loc fw tcp 8080
    ACCEPT fw net tcp www

Policy:
    loc net ACCEPT
    net all DROP info
    all all REJECT info

Now my problem is as below:

- Before, I did not use squid as proxy.
- I used masq to surf the net from all systems.
- And I use proxyarp for another system to give it both a real IP and a local IP, to use www from the external and internal side.

I was able to use the external IP in my LAN. Like: the firewall has 203.77.204.86 and 192.168.0.100, and the other systems have 192.168.0.1 to 192.168.0.77, as I have 76 other systems. In one other system I use both 192.168.0.2 and 203.77.204.85, with IIS installed. I was able to use both IPs in my LAN, to use http://203.77.204.85 and http://192.168.0.2.

But after installing the squid proxy I am not able to use the real IP in my LAN, though it works from the external side. Squid gives me the error "Connection failed", and shorewall gives this log:

Jan 5 19:59:55 mail kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.0.100 DST=203.77.204.85 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25646 DF PROTO=TCP SPT=37027 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

So what is the problem? Can anyone help me to solve this problem?

Thanks
Amit

On Wed, 2005-01-05 at 06:32 -0800, Amit Patel wrote:
> So what is the problem? Can anyone help me to solve this problem?

ACCEPT fw loc tcp www

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

On Wed, 2005-01-05 at 07:55 -0800, Tom Eastep wrote:
> On Wed, 2005-01-05 at 06:32 -0800, Amit Patel wrote:
>
> > So what is the problem? Can anyone help me to solve this problem?
>
> ACCEPT fw loc tcp www
>

Or:

REDIRECT loc 8080 tcp www - !192.168.0.100,203.77.204.85

-Tom
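
Added example, not part of the thread and not Shorewall code: a small Python parser that reads the logged REJECT line from the first message and maps its empty `IN=` and `OUT=eth1` fields to zones, which shows why the missing rule is fw to loc. The function names are hypothetical; the interface-to-zone map is copied from the interfaces file quoted in the thread.

```python
import re

# Interface-to-zone map, from the interfaces file quoted in the first message.
IFACE_ZONE = {"eth0": "net", "eth1": "loc"}

# Log line quoted in the first message.
SAMPLE = ("Jan 5 19:59:55 mail kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 "
          "SRC=192.168.0.100 DST=203.77.204.85 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=25646 DF PROTO=TCP SPT=37027 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0")

LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[A-Z]+):(?P<rest>.*)")

def zone_of(iface):
    """Empty IN=/OUT= means the packet starts or ends on the firewall itself."""
    if not iface:
        return "fw"
    return IFACE_ZONE.get(iface, "unknown")

def rejected_flow(line):
    """Return chain, action, zones, protocol and port for one log line, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    fields = {}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:                      # skip bare flags such as DF and SYN
            fields[key] = value
    return {
        "chain": m.group("chain"),
        "action": m.group("action"),
        "source": zone_of(fields.get("IN", "")),
        "dest": zone_of(fields.get("OUT", "")),
        "proto": fields.get("PROTO", "").lower(),
        "dport": int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None,
    }

def candidate_rule(flow):
    """Format the flow as a rules-file line to review (numeric port, not 'www')."""
    return "ACCEPT {source} {dest} {proto} {dport}".format(**flow)

if __name__ == "__main__":
    flow = rejected_flow(SAMPLE)
    print(flow)
    print(candidate_rule(flow))
```

The `all2all` chain name in the result means no rule matched and the packet fell through to the `all all REJECT info` policy.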