I'm trying to set up a very basic two-interface Shorewall firewall to be used in conjunction with Squid. I extracted the two-interfaces.tgz files to /etc/shorewall and added the line:

    REDIRECT loc 3128 tcp www

to my /etc/shorewall rules file. I have Squid working without Shorewall. Unfortunately, when I start Shorewall, I can no longer browse the web and I get the following message when trying to access any website:

    ERROR
    The requested URL could not be retrieved
    While trying to retrieve the URL: http://my.yahoo.com/
    The following error was encountered:
    Connection Failed
    The system returned:
    (111) Connection refused
    The remote host or network may be down. Please try the request again.
    Your cache administrator is root.
    Generated Fri, 06 Sep 2002 18:43:45 GMT by ip68-104-175-241.ph.ph.cox.net (Squid/2.4.STABLE6)

I'm using the LATEST version of Shorewall as of yesterday with Red Hat 7.3 (I installed it with the RPM). I have the appropriate acl listed in my squid.conf, which is how I'm able to browse the web when I'm not running Shorewall. As soon as I do a 'shorewall clear' I can browse the web again.

Does anyone know what else I might need to do to my Shorewall or Squid configurations? If you need any additional information, please let me know. Thanks for your help!

--sr

Bradey Honsinger
2002-Sep-06 21:13 UTC
[Shorewall-users] Connection refused - Squid and Shorewall
Programs running on your firewall don't have access to the internet by default--unless you've added a "fw all ACCEPT" line to your policy file, that's probably the issue. Add the following line to your rules file:

    ACCEPT fw net tcp http

That should do it. Tom covers this in the documentation--see example 2 at <http://www.shorewall.net/Documentation.htm#Rules>. There have also been several previous discussions--go to <http://shorewall.net/htdig/search.html> and search the mailing list archives for "squid transparent proxy".

- Bradey
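
A small lint for the condition described in the reply above, as an added example that is not part of the original thread or of Shorewall's own tooling: it flags a REDIRECT-to-local-proxy rule when neither the rules nor the policy lets the `fw` zone make HTTP connections to `net`. The function names, the column order and the sample policy are assumptions made for this illustration.

```python
# Added example, not from the thread. Assumed column order (as in the thread's lines):
#   rules:  ACTION SOURCE DEST PROTO PORT      policy: SOURCE DEST POLICY [LOG]
HTTP_PORTS = {"www", "http", "80"}

def parse(text):
    """Split a config file into column lists, dropping comments and blank lines."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [cols for cols in rows if cols]

def fw_can_fetch_http(rules, policy, fw="fw", net="net"):
    """True if the firewall zone itself may open HTTP connections to the net zone."""
    for cols in parse(rules):
        cols = cols + ["-"] * (5 - len(cols))   # "-" stands for an omitted column
        action, src, dst, proto, ports = cols[:5]
        if (action == "ACCEPT" and src == fw and dst in (net, "all")
                and proto in ("tcp", "all", "-")
                and (ports == "-" or HTTP_PORTS & set(ports.split(",")))):
            return True
    # No explicit rule: the first policy line covering fw -> net decides.
    for cols in parse(policy):
        if len(cols) >= 3 and cols[0] in (fw, "all") and cols[1] in (net, "all"):
            return cols[2] == "ACCEPT"
    return False

def proxy_findings(rules, policy):
    """List REDIRECT rules whose local proxy cannot reach origin web servers."""
    if fw_can_fetch_http(rules, policy):
        return []
    return ["REDIRECT from %s to local port %s, but fw -> net HTTP is not accepted"
            % (c[1], c[2]) for c in parse(rules) if c[0] == "REDIRECT" and len(c) >= 3]

# Constructed sample policy (not the actual two-interfaces.tgz contents).
POLICY = """\
loc  net  ACCEPT
net  all  DROP    info
all  all  REJECT  info
"""
BROKEN_RULES = "REDIRECT loc 3128 tcp www\n"             # rule from the question
FIXED_RULES = BROKEN_RULES + "ACCEPT fw net tcp http\n"  # plus the reply's fix

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(name, proxy_findings(rules, POLICY) or "ok")
```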