helge preuss wrote:
Hi everybody,

I have a problem with SuSEfirewall2 in SuSE 8.2 I can't seem to get solved. I have a dialin server I want to run squid and the firewall in parallel on, so users can surf with squid as proxy and cache, and connect to the internet with my box as a simple forwarding router on all other protocols.

When I disable SuSEfirewall2, squid works as intended, but, of course, no IP forwarding is done. When I start up SuSEfirewall2, I get connection timeout errors from squid, but the forwarding works as I expect. I figure that the connections to port 3128 (where I have squid listening) are forwarded somewhere else? I have a Samba server on my box as well, this is not affected but works with and without the firewall.

My relevant settings in /etc/sysconfig/SuSEfirewall2 (hope I caught all relevant ones):
FW_QUICKMODE="no"
FW_DEV_EXT="ippp0"
FW_DEV_INT="eth0 eth1"

Are you sure you have 2 NICs for your internal network?

FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"

Based on the below, you should set this to 192.168.0.0/24 (not 16)

FW_SERVICES_EXT_TCP="139 3128 http ssh"

Are you running a http server? If not, this should be just ssh or 22. You should add 139 3128 80 to FW_SERVICES_INT_TCP, and add 137 138 to FW_SERVICES_INT_UDP

FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="yes"
FW_KERNEL_SECURITY="yes"
FW_REDIRECT="" # i tried "192.168.0.0/16,0/0,tcp,80,3128" as well, without success

This should be 192.168.0.0/24,0/0,tcp,80,3128 as long as squid is configured as a transparent proxy. If not, you need to set up the proxy in each client machine, and FW_REDIRECT is not needed.

HTH

--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Registered Linux user 231871
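
As an added example (not part of the original thread, and not SuSE's own tooling), this Python check reads SuSEfirewall2-style settings and flags the points raised in the reply: Samba and Squid ports opened on the external interface, and masquerade or redirect source networks wider than the LAN. The LAN subnet 192.168.0.0/24, the LAN-only port set and all function names are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed sample: the settings quoted in the thread, with the FW_REDIRECT
# value the poster says he also tried.
SAMPLE = '''\
FW_DEV_EXT="ippp0"
FW_DEV_INT="eth0 eth1"
FW_MASQUERADE="yes"
FW_MASQ_NETS="0/0"
FW_SERVICES_EXT_TCP="139 3128 http ssh"
FW_REDIRECT="192.168.0.0/16,0/0,tcp,80,3128"  # transparent proxy attempt
'''

# Assumptions for this example: the LAN is 192.168.0.0/24 (as in the reply)
# and Samba (139) and Squid (3128) are meant for LAN clients only.
LAN_NET = ipaddress.ip_network("192.168.0.0/24")
LAN_ONLY_TCP = {"139", "3128"}

def parse_sysconfig(text):
    """Parse KEY="value" shell assignments, dropping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) == 1 and "=" in tokens[0]:
            key, _, value = tokens[0].partition("=")
            settings[key] = value
    return settings

def inside_lan(spec):
    """True if a network such as 192.168.0.0/24 or 0/0 lies within LAN_NET."""
    net = ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)
    return net.subnet_of(LAN_NET)

def audit(settings):
    """Return one finding per setting the reply asks to tighten."""
    findings = []
    ext = set(settings.get("FW_SERVICES_EXT_TCP", "").split())
    if LAN_ONLY_TCP & ext:
        findings.append("FW_SERVICES_EXT_TCP exposes LAN-only ports: "
                        + " ".join(sorted(LAN_ONLY_TCP & ext)))
    for key in ("FW_MASQ_NETS", "FW_REDIRECT"):
        for entry in settings.get(key, "").split():
            source = entry.split(",")[0]  # first field is the source network
            if not inside_lan(source):
                findings.append(f"{key} source {source} is wider than {LAN_NET}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_sysconfig(SAMPLE)):
        print(finding)
```
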