On Thursday 14 October 2004 13:48, Raul H. Lapitzondo wrote:
Thanks again
Jeffrey Laramie wrote:
Are you having any problems reaching the firewall/server from the LAN?
To the internet: no problem, but I have problems connecting to any vhost (some virtual domains running on the server) or sending email through my email server from an internal LAN PC. If I try to connect from outside (a cybercafe) I don't have any kind of problem (I can check my email and I can relay through my server). That's why I think the problem starts with the forward rules defined at the firewall. (You can check this at the bottom of the original mail.)
OK, so you have a good hardware connection. I don't use SuSEfirewall but the forwarding rule does look suspicious. (Anyone else who does can feel free to jump in anytime :-) Post the printout from:
iptables -L -t nat
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  192.168.0.0/24       anywhere            tcp dpt:http redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere            tcp dpt:smtp redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere            tcp dpt:pop3 redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere            tcp dpt:imap redir ports 3128
Here you are redirecting all the traffic coming from the LAN on ports 80, 110, 25, etc. to port 3128 on the host machine. Are you running a proxy on port 3128? If so, only the internal LAN (192.168.0.0/24) is using the proxy port. Also you have all the services redirected to the same port. This seems odd to me. You don't have any REDIRECT rules for traffic coming in on 192.168.1.0/24 so the internet traffic is still going to the standard ports (assuming your filter rules don't block it). If the services work from the internet you may want to change or remove the REDIRECT rules from the LAN IPs and see if that helps.

Jeff
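An added example, not part of the original thread: a shell function that reads `iptables -L -t nat` output and reports every source network whose traffic for several different services is redirected to one local port, the pattern pointed out in the reply above. The function names are hypothetical and the embedded sample listing is constructed from the output posted in the thread.

```shell
#!/bin/sh
# Constructed sample: the PREROUTING listing from the thread, one rule per line.
sample_nat_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  192.168.0.0/24       anywhere            tcp dpt:http redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere            tcp dpt:smtp redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere            tcp dpt:pop3 redir ports 3128
REDIRECT   tcp  --  192.168.0.0/24       anywhere            tcp dpt:imap redir ports 3128
EOF
}

# shared_redirects (hypothetical helper): read `iptables -L -t nat` output on
# stdin and print one line per (source, redirect port) pair that receives more
# than one destination service:
#   <source> <redirect-port> <svc1>,<svc2>,...
# Works with service names (dpt:smtp) and with numeric output from -n (dpt:25).
shared_redirects() {
  awk '
    $1 == "REDIRECT" {
      dpt = ""; to = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dpt:/) dpt = substr($i, 5)           # original destination port
        if ($i == "ports" && i < NF) to = $(i + 1)      # local port it is sent to
      }
      if (dpt == "" || to == "") next                   # not a port-based redirect
      key = $4 " " to                                   # column 4 is the source
      if (!(key in svcs)) { order[++n] = key; svcs[key] = dpt; count[key] = 1 }
      else { svcs[key] = svcs[key] "," dpt; count[key]++ }
    }
    END {
      for (j = 1; j <= n; j++)
        if (count[order[j]] > 1) print order[j], svcs[order[j]]
    }
  '
}

# check_nat_redirects (hypothetical helper): same report, but returns 1 when
# any shared redirect is found so it can gate a firewall config review.
check_nat_redirects() {
  out=$(shared_redirects)
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Demo on the constructed sample.
sample_nat_listing | shared_redirects
```

On a live host the same check is `iptables -L -t nat | check_nat_redirects`; a line of output means mail or other non-HTTP services from that network are landing on the same local port as HTTP.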