![](https://seccdn.libravatar.org/avatar/40d3a23f65459d7536935ef2f2d64a4c.jpg?s=120&d=mm&r=g)
On Tue, 12 Dec 2006, Anders Johansson wrote:
On Tuesday 12 December 2006 18:51, Hoper Edei Deixai wrote:
Maybe you meant "drop some packets" :-P
Heh! (On a side note, I tried uninstalling MozillaFirefox and this is what I got: [root@squid ~]# rug remove -N MozillaFirefox Waking up ZMD...Done Resolving Dependencies... The following packages will be removed: 3ddiag 0.738-29 (system) cabextract 1.2-16 (system) CheckHardware 0.1-1017 (system) desktop-translations 10.1-66 (system) evms-gui 2.5.5-67 (system) ghostscript-x11 8.15.3-24 (system) lsb 3.1-22 (system) MozillaFirefox 2.0-30 (system) numlockx 1.1-23 (system) openssh-askpass 4.4p1-24 (system) opensuse-manual_en 10.2-28 (system) sax2-gui 8.1-83 (system) tightvnc 1.2.9-224 (system) unclutter 8-874 (system) x11 10.2-145 (system) pattern:x11-10.2-145.i586[System packages] dependend on MozillaFirefox pattern:x11-10.2-145.i586[System packages] is missing the requirement MozillaFirefox x11-input-synaptics 0.14.6-24 (system) x11-input-wacom 0.7.6-18 (system) x11-tools 0.1-57 (system) xaw3d 1.5E-263 (system) xdg-utils 1.0.1-7 (system) xdmbgrd 0.6-21 (system) xkeyboard-config 0.9-24 (system) xlockmore 5.23-11 (system) xorg-x11-libX11-ccache 7.2-12 (system) xtermset 0.5.2-153 (system) yast2-control-center 2.14.1-6 (system) how the f*#%k can all these packages depend on Firefox beind installed?? Talk about dependency hell.)
Is packet forwarding enabled? (i.e.: /proc/sys/net/ipv4/ip_forward set to 1). Did you put the appropriate rules in POSTROUTING chain?
Packet forwarding is enabled and I don't need any POSTROUTING rules.
The rule says to forward to 0/0, not from, which should be safe enough But given that the network is 10.x.x.x, which is private, I wonder if perhaps masquerading shouldn't be used instead, since otherwise it won't be possible to reach external addresses
Nope, I don't need masquerading, the squid box sits before my firewall (and has only one NIC). The idea is that the client PC's are default routed to the squid box. Outgoing web requests are captured by a PREROUTING rule to hand them over to squid. All other traffic should just be forwarded to the default route of the squid box, which is my firewall. I've had this setup on an Mandriva box before so I know it works, it's just the antics of SuSEfirewall2 and how to completely allow forwarding in it I don't quite grasp. - Peder -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org