On Wednesday 13 December 2006 08:22, suseuser@freeway.org wrote:
> Nope, I don't need masquerading, the squid box sits before my firewall (and has only one NIC). The idea is that the client PCs are default routed to the squid box. Outgoing web requests are captured by a PREROUTING rule to hand them over to squid. All other traffic should just be forwarded to the default route of the squid box, which is my firewall.
So let me get this straight. You use the squid box as default gateway for your internal machines even though it only has one NIC, and then you have the router as default gateway for the squid. And you say it drops "some" packages, but not all. Which packages does it drop? BTW, I wouldn't have set it up that way, I would have done it on the router, with a redirect of web traffic to the squid box and a normal masquerading for everything else.
> I've had this setup on a Mandriva box before so I know it works, it's just the antics of SuSEfirewall2 and how to completely allow forwarding in it I don't quite grasp.
As far as I know, FW_ROUTE="yes" and your FW_FORWARD rule should be enough. But I have to say, I've never had much luck with implementing a router with only one NIC, on any platform. Your squid box is effectively a router, and as such should have two NICs.