Hello!

I have installed and configured squid (last version) as a transparent proxy and I am using shorewall (last version) as a firewall. I have redirected all of my local network's HTTP requests to the squid port (3128). But from my local net I cannot ping a remote machine on the internet using its hostname, like google.com. I could do it only when I use an IP address. All of the computers in the local net have been well configured with the DNS of my ISP.

What's wrong?

I would be grateful if someone could help me to solve this problem emergently.

Thanks

Didier BAZANGIKA TUTONDELE
Technical Sales Engineer
SERVIA INFORMATIQUE
France

The fact that you're using squid in transparent mode very probably has nothing to do with this issue. Apparently you're having trouble doing DNS resolutions. Since you didn't follow the directions for reporting trouble (http://www.shorewall.net/support.htm#Guidelines) I don't know how much help people can be for you. Please follow the instructions and I suspect your problem will very quickly be made evident.

On Fri, 18 Mar 2005 12:50:26 +0100, Didier Bazangika <didierbaz@servia.fr> wrote:
> Hello!
>
> I have installed and configured squid (last version) as a transparent proxy and I am using shorewall (last version) as a firewall. I have redirected all of my local network's HTTP requests to the squid port (3128). But from my local net I cannot ping a remote machine on the internet using its hostname, like google.com. I could do it only when I use an IP address. All of the computers in the local net have been well configured with the DNS of my ISP.
> What's wrong?
> I would be grateful if someone could help me to solve this problem emergently.
> Thanks
>
> Didier BAZANGIKA TUTONDELE
> Technical Sales Engineer
> SERVIA INFORMATIQUE
> France
>
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

Dear friends,

Thank you for your answer.

I send you in the attached file the logs that I had when I tried to reconnect from my local net. My firewall server running squid transparent proxy and shorewall is itself behind a zyxel router connected to ADSL. The link between them (firewall and zyxel) is one-to-one NAT. All packets arriving from the internet pass through the router, which redirects them to my firewall for filtering. I believe shorewall has been configured as I want, but it could not resolve domain names from my local net and my transparent proxy doesn't work (I must configure local machines to use the proxy and port 3128 to get it to work).

I hope these explanations will help you to get exactly my problem. Please see the log file in the attached file.

Regards,
Didier

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Gary Buckmaster
Sent: Friday, March 18, 2005 15:02
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Using squid transparent proxy and shorewall

The fact that you're using squid in transparent mode very probably has nothing to do with this issue. Apparently you're having trouble doing DNS resolutions. Since you didn't follow the directions for reporting trouble (http://www.shorewall.net/support.htm#Guidelines) I don't know how much help people can be for you. Please follow the instructions and I suspect your problem will very quickly be made evident.

On Fri, 18 Mar 2005 12:50:26 +0100, Didier Bazangika <didierbaz@servia.fr> wrote:
> Hello!
>
> I have installed and configured squid (last version) as a transparent proxy and I am using shorewall (last version) as a firewall. I have redirected all of my local network's HTTP requests to the squid port (3128). But from my local net I cannot ping a remote machine on the internet using its hostname, like google.com. I could do it only when I use an IP address. All of the computers in the local net have been well configured with the DNS of my ISP.
> What's wrong?
> I would be grateful if someone could help me to solve this problem emergently.
> Thanks
>
> Didier BAZANGIKA TUTONDELE
> Technical Sales Engineer
> SERVIA INFORMATIQUE
> France

Please follow directions and post exactly what is requested in: http://www.shorewall.net/support.htm#Guidelines

Didier Bazangika wrote:
> Dear friends,
> Thank you for your answer.
> I send you in the attached file the logs that I had when I tried to reconnect from my local net. My firewall server running squid transparent proxy and shorewall is itself behind a zyxel router connected to ADSL. The link between them (firewall and zyxel) is one-to-one NAT. All packets arriving from the internet pass through the router, which redirects them to my firewall for filtering. I believe shorewall has been configured as I want, but it could not resolve domain names from my local net and my transparent proxy doesn't work (I must configure local machines to use the proxy and port 3128 to get it to work).
> I hope these explanations will help you to get exactly my problem.

I doubt that this is all of your problems but I suggest that you:

a) Remove the 'norfc1918' option from eth0 in your /etc/shorewall/interfaces file.

b) You show IP address 100.100.100.1 -- that is not your IP address range (In fact, it is currently not allocated by the IANA)! So all traffic from that host is being dropped by the 'nobogons' option on eth1. I suggest strongly that you avoid using unallocated IP addresses such as this.

In the future, when you see log messages that you don't understand please consult Shorewall FAQ #17. There you will find instructions for decoding these messages.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key
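
A simplified model of the two interface options named in the reply above, as an added example that is not part of the original thread and is not Shorewall's own code. The interfaces file, the zone names, the 192.168.1.1 source on eth0 and the one-entry bogon list are constructed assumptions; only the options, the interface names and 100.100.100.1 come from the thread.

```python
import ipaddress

# RFC 1918 private ranges, the sources that 'norfc1918' filters on.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed one-entry stand-in for a bogon list: the thread only says that
# 100.100.100.1 was in unallocated space at the time (2005).
BOGONS = [ipaddress.ip_network("100.0.0.0/8")]

# Constructed sample of /etc/shorewall/interfaces; zone names are assumed.
INTERFACES = """\
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     norfc1918
loc    eth1       detect     nobogons
"""

def parse_interfaces(text):
    """Map interface name -> set of options, skipping comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            opts = fields[3].split(",") if len(fields) > 3 else []
            table[fields[1]] = {o for o in opts if o != "-"}
    return table

def verdict(table, iface, src):
    """Name the option (if any) that drops a packet arriving on iface."""
    addr = ipaddress.ip_address(src)
    opts = table.get(iface, set())
    if "norfc1918" in opts and any(addr in n for n in RFC1918):
        return "drop:norfc1918"
    if "nobogons" in opts and any(addr in n for n in BOGONS):
        return "drop:nobogons"
    return "pass"

def without_option(table, iface, option):
    """Copy of the table with one option removed from one interface."""
    return {i: (o - {option} if i == iface else set(o))
            for i, o in table.items()}

if __name__ == "__main__":
    table = parse_interfaces(INTERFACES)
    fixed = without_option(table, "eth0", "norfc1918")  # suggestion (a)
    # Constructed packets: (arrival interface, source address).
    for iface, src in [("eth0", "192.168.1.1"), ("eth1", "100.100.100.1"),
                       ("eth1", "192.168.0.10")]:
        print(iface, src, verdict(table, iface, src), "->",
              verdict(fixed, iface, src))
```

Removing `norfc1918` from eth0 changes only the first verdict; the 100.100.100.1 source is still dropped on eth1 until the host is renumbered, which is the point of suggestion (b).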