I have a little gateway in a LAN on which Mandrake 9, djbdns and shorewall are installed.

I read all the documentation but I can't find the reason why masquerade doesn't work!

My gateway has the IP 192.168.1.1 and goes to the internet over a dial-up connection with ippp0. It's connected to the LAN with eth0. Djbdns is the DNS server for my LAN and has an internal and an external cache.

I followed the quick start guide "two interfaces" step by step, changing eth0 to ippp0 and eth1 to eth0.

In the beginning some things were logged in /var/log/messages; I inserted more rules in the rules file until nothing was shown in /var/log/messages.

But masquerading still doesn't work.

If I start Shorewall from the local client I can visit web pages through Squid. But if I turn off the proxy I receive this message: "xxxx.xxx could not be found. Please check the name and try again"
Also my ftp client can't connect to the internet without squid.

This is the configuration of shorewall in the last try (I made many tries, from the quick start guide to other variants):

# Shorewall 1.3 /etc/shorewall/zones
net     Net     Internet
loc     Local   Local networks

# /etc/shorewall/interfaces
net     ippp0   -       routefilter,norfc1918
loc     eth0    detect  routestopped

# /etc/shorewall/masq
ippp0   192.168.1.0/24

# /etc/shorewall/policy
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/rules
# Accept DNS connections from the firewall to the network
ACCEPT  fw      net     tcp     53      53
ACCEPT  fw      net     udp     53      53
ACCEPT  fw      net     tcp     53      1024:65535
ACCEPT  fw      net     udp     53      1024:65535
# Accept DNS connections from the network client to network dns server
ACCEPT  loc     fw      tcp     53
ACCEPT  loc     fw      udp     53
# Accept Squid connections from local clients
ACCEPT  loc     fw      tcp     3128
# Accept pop and smtp requests from local network
ACCEPT  loc     fw      tcp     110
ACCEPT  loc     fw      tcp     25
# Accept pop and smtp requests from mail server to internet
ACCEPT  fw      net     tcp     110
ACCEPT  fw      net     tcp     25
# Accept identd
ACCEPT  net     fw      tcp     113
# Quiet drop of broadcast requests
DROP    loc     fw      udp     631
DROP    loc     fw      udp     137
# Other tries born from /var/log/messages
ACCEPT  fw      net     tcp     80
ACCEPT  fw      loc     tcp     80
ACCEPT  loc     net     tcp     80

# /etc/shorewall/shorewall.conf
# only changed this:
CLAMPMSS=Yes

Please help us....

Vincenzo

tarAnta wrote:
> I have a little gateway in a Lan where is installed a Mandrake 9, djbdns
> and shorewall.
>
> I read all documentation but I can't find the reason because masquerade
> doesn't work!
>
> My gateway have 192.168.1.1 ip and go to internet in a dial-up
> connection with ippp0. It's connected to lan with eth0. Djbdns make dns
> server for my lan and have an internal and external cache.
>
> I followed step by step quick start guide "two interfaces" changing eth0
> to ippp0 and eth1 to eth0.
>
> In the beginning something are logged in /var/log/messages, I insert
> more rules in rules files until nothing is shown in /var/log/messages
>
> But Masquerading doesn't work still.
>
> If I start Shorewall from the local client I can visit webpage through
> Squid. But if I off the proxy I receive this message: "xxxx.xxx could
> not be found. Please check the name and try again"
> Also my ftp client can't connect to internet without squid.
>
> This is the configuration of shorewall in the last try (I done much
> tries from the quick start guide to other variants):
>

Your Shorewall configuration looks fine. Have you set the default gateway on your local systems to 192.168.1.1?

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Tom Eastep wrote:
> Your Shorewall configuration looks fine. Have you set the default
> gateway on your local systems to 192.168.1.1?
>
> -Tom

Sure!

I don't know what kind of test I must still do!
And we need so much to have networks good for our work...

Do you have some tests to suggest?

Vincenzo

tarAnta wrote:
> Tom Eastep wrote:
>
>> Your Shorewall configuration looks fine. Have you set the default
>> gateway on your local systems to 192.168.1.1?
>>
>> -Tom
>
>
> Sure!
>
> I don't know what kind of test I must still do!
> and we need so much to have networks good for our work...
>
> Do you have some tests to suggest?
>

Please send me the output from "shorewall status"

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

tarAnta wrote:
> Tom Eastep wrote:
>
>> Your Shorewall configuration looks fine. Have you set the default
>> gateway on your local systems to 192.168.1.1?
>>
>> -Tom
>
>
> Sure!
>
> I don't know what kind of test I must still do!
> and we need so much to have networks good for our work...
>
> Do you have some tests to suggest?
>

To complete this thread, the problem turned out to be Vincenzo's DNS configuration.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Tom Eastep wrote:
> To complete this thread, the problem turned out to be Vincenzo's DNS
> configuration.
>

Sure. This error was because squid worked well with the dns servers of my isp, then I didn't think the problem regarded my dns cache.
Installing djbdns-extcache found in rpmhelp.net, nothing is to be done.

Now shorewall and masquerading work fine!!

Thanks very much to Tom and his patience.

Vincenzo
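
The policy and rules posted at the top of this thread, run through a simplified model of Shorewall's "rules first, then the first matching policy" lookup to show which flows the firewall permits. This is an added example, not code from the thread or from Shorewall. It assumes the rules columns are ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT, the function names `port_match` and `verdict` are hypothetical, and connection tracking and interface options are not modelled.

```python
# Simplified model (assumption-based): policy and rules copied from the first post.
POLICY = """
loc net ACCEPT
net all DROP info
all all REJECT info
"""
RULES = """
ACCEPT fw net tcp 53 53
ACCEPT fw net udp 53 53
ACCEPT fw net tcp 53 1024:65535
ACCEPT fw net udp 53 1024:65535
ACCEPT loc fw tcp 53
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 3128
ACCEPT loc fw tcp 110
ACCEPT loc fw tcp 25
ACCEPT fw net tcp 110
ACCEPT fw net tcp 25
ACCEPT net fw tcp 113
DROP loc fw udp 631
DROP loc fw udp 137
ACCEPT fw net tcp 80
ACCEPT fw loc tcp 80
ACCEPT loc net tcp 80
"""

def port_match(spec, port):
    """Match a port against '-' (any), a single port, or a 'low:high' range."""
    low, _, high = spec.partition(":")
    return spec == "-" or int(low) <= port <= int(high or low)

def verdict(src, dst, proto, dport, sport=40000):
    """Return (action, reason) for a new connection between two zones."""
    for line in RULES.strip().splitlines():
        cols = line.split() + ["-", "-"]  # pad the optional port columns
        action, rsrc, rdst, rproto, rdport, rsport = cols[:6]
        if ((rsrc, rdst, rproto) == (src, dst, proto)
                and port_match(rdport, dport) and port_match(rsport, sport)):
            return action, "rule: " + line
    for line in POLICY.strip().splitlines():
        psrc, pdst, action = line.split()[:3]
        if psrc in (src, "all") and pdst in (dst, "all"):
            return action, "policy: " + line
    return "REJECT", "no match"

if __name__ == "__main__":
    for flow in [("loc", "net", "udp", 53), ("loc", "fw", "udp", 53), ("fw", "net", "tcp", 21)]:
        print(flow, verdict(*flow))
```

Client DNS and FTP towards the internet fall through to the `loc net ACCEPT` policy, and client DNS to the gateway is accepted by an explicit rule, which is consistent with the reply that the configuration looks fine.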