Mailinglist Archive: opensuse (4294 mails)

Re: [opensuse] Accepting all in the FORWARD chain
  • From: Peder <suseuser@xxxxxxxxxxx>
  • Date: Thu, 14 Dec 2006 09:33:13 +0100 (CET)
  • Message-id: <Pine.LNX.4.64.0612140916490.20449@xxxxxxxxxxxxxxxxx>
> So let me get this straight. You use the squid box as default gateway for your
> internal machines even though it only has one NIC, and then you have the
> router as default gateway for the squid.
> And you say it drops "some" packages, but not all.
> Which packages does it drop?

Correct. I also have it set up so that my internal web servers don't
get "squidded".
It seems to have dropped the initial http requests to my internal web
but eventually let them through, resulting in an initial delay of
a second or two.

> But I have to say, I've never had much luck with implementing a router with
> only one NIC, on any platform. Your squid box is effectively a router, and as
> such should have two NICs.

Well it works just fine with only one :)
It's not really a router either since for all non http traffic it
only sees the outgoing traffic. All returning goes straight to
the clients since there's no masquerading going on.

I have now ditched SuSEfirewall2 and gone back to using my own fw ruleset
and now it's up and running.
The only problem I got by that is that the /proc/sys/net/ipv4/ip_forward
got set to 0. I checked that boot.ipconfig set it to 1 and even made
an entry in sysctl.conf but something later on in the startup routine
still changed it. I ended up having to set it in my fw-script startup.

- Peder
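
Added example (not part of Peder's message or the list archive): a small POSIX shell check for the situation described above, where a sysctl.conf entry asks for forwarding but the running value ends up 0. The function names, file names and sample data are constructed for illustration.

```shell
# effective_ip_forward FILE...
# Scan sysctl-style files in the order given (later files win) and print
# "<value> <file>" for the last net.ipv4.ip_forward assignment; 1 if none.
effective_ip_forward() {
    for f in "$@"; do            # keep only readable files
        shift
        if [ -r "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || return 1
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub("/", ".", key)                 # net/ipv4/ip_forward form
            if (key == "net.ipv4.ip_forward") last = val " " FILENAME
        }
        END { if (last == "") exit 1; print last }
    ' "$@"
}

# check_ip_forward PROC_FILE FILE...
# Returns 0 if runtime matches config, 1 on mismatch, 2 if no file sets it.
check_ip_forward() {
    proc=$1; shift
    runtime=$(cat "$proc")
    if ! conf=$(effective_ip_forward "$@"); then
        echo "unconfigured runtime=$runtime"; return 2
    fi
    want=${conf%% *}; src=${conf#* }
    if [ "$runtime" = "$want" ]; then
        echo "consistent runtime=$runtime set-by=$src"
    else
        echo "MISMATCH runtime=$runtime configured=$want set-by=$src"
        return 1
    fi
}
# Constructed sample: sysctl.conf asks for 1, the "kernel" reports 0.
demo() {
    d=$(mktemp -d) || return 1
    printf 'net.ipv4.ip_forward = 1\n' > "$d/sysctl.conf"
    printf '0\n' > "$d/ip_forward"
    check_ip_forward "$d/ip_forward" "$d/sysctl.conf" || true
    rm -rf "$d"
}
demo
```

On a real host the call would be `check_ip_forward /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf /etc/sysctl.d/*.conf`; a MISMATCH means something outside the scanned files, such as an init or firewall script writing to /proc, changed the value after sysctl ran.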
