I'm trying to set up a very basic two-interface Shorewall firewall to be
used in conjunction with Squid. I extracted the two-interfaces.tgz files to
/etc/shorewall and added the line:
REDIRECT  loc  3128 tcp www
to my /etc/shorewall rules file.
I have Squid working without Shorewall. Unfortunately, when I start
Shorewall, I can no longer browse the web and I get the following message
when trying to access any website:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://my.yahoo.com/
The following error was encountered:
Connection Failed
The system returned:
    (111) Connection refused
The remote host or network may be down. Please try the request again.
Your cache administrator is root.
Generated Fri, 06 Sep 2002 18:43:45 GMT by ip68-104-175-241.ph.ph.cox.net
(Squid/2.4.STABLE6)
I'm using the LATEST version of Shorewall as of yesterday with Red Hat 7.3
(I installed it with the RPM).
I have the appropriate acl listed in my squid.conf, which is how I'm able to
browse the web when I'm not running Shorewall. As soon as I do a 'shorewall
clear' I can browse the web again. Does anyone know what else I might need
to do to my Shorewall or Squid configurations?
If you need any additional information, please let me know.
Thanks for your help!
--sr
Bradey Honsinger
2002-Sep-06  21:13 UTC
[Shorewall-users] Connection refused - Squid and Shorewall
Programs running on your firewall don't have access to the internet by
default--unless you've added a "fw all ACCEPT" line to your policy file,
that's probably the issue. Add the following line to your rules file:
ACCEPT	fw	net	tcp	http
That should do it. Tom covers this in the documentation--see example 2 at
<http://www.shorewall.net/Documentation.htm#Rules>. There have also been
several previous discussions--go to <http://shorewall.net/htdig/search.html>
and search the mailing list archives for "squid transparent proxy".
  - Bradey
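
The check described in the reply above, as an added example that is not part of the original thread or of Shorewall itself: a small lint that reads a policy file and a rules file and reports a REDIRECT to a local proxy when the fw zone is not allowed to reach the web. The sample policy and rules text are constructed, and the parser is a simplification that only understands plain zone names in the first five columns.

```python
HTTP = {"http", "www", "80"}  # service names/port treated as web traffic

# Constructed sample input (not copied from the poster's machine).
POLICY = """\
loc   net   ACCEPT
net   all   DROP     info
all   all   REJECT   info
"""
RULES_BEFORE = "REDIRECT  loc  3128  tcp  www\n"
RULES_AFTER = RULES_BEFORE + "ACCEPT  fw  net  tcp  http\n"

def rows(text):
    """Yield the columns of each non-blank, non-comment line."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def fw_web_allowed(policy, rules, fw="fw", net="net"):
    """Return True if connections fw -> net on tcp/http are accepted."""
    for cols in rows(rules):
        action, src, dst, proto, ports = (cols + ["-"] * 5)[:5]
        if (src, dst) != (fw, net) or action == "REDIRECT":
            continue
        proto_ok = proto in ("-", "all", "tcp")
        port_ok = ports == "-" or bool(HTTP & set(ports.split(",")))
        if proto_ok and port_ok:
            return action == "ACCEPT"   # first matching rule decides
    for cols in rows(policy):
        src, dst, verdict = (cols + ["-"] * 3)[:3]
        if src in (fw, "all") and dst in (net, "all"):
            return verdict == "ACCEPT"  # first matching policy decides
    return False

def lint(policy, rules):
    """Report REDIRECT rules whose local proxy cannot reach the web."""
    findings = []
    for cols in rows(rules):
        if cols[0] == "REDIRECT" and not fw_web_allowed(policy, rules):
            port = (cols + ["-"] * 3)[2]
            findings.append("REDIRECT to local port %s, but fw->net http is "
                            "not accepted; add: ACCEPT fw net tcp http" % port)
    return findings

if __name__ == "__main__":
    print(lint(POLICY, RULES_BEFORE))  # one finding
    print(lint(POLICY, RULES_AFTER))   # no findings
```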