Anyway, got myself a copy of Suse 9.3 and everything has set up great. It is currently running as a router between the internet and my Windows boxes on the internal network. However, now I want to use Squid to handle all requests for web pages, and block everything else unless I add it to the allow list.
Squid works fine and every computer on the network can use it, but even though I have set up the firewall to deny all other access from the internal network, the other computers can still browse as normal, access ftp through it etc.
The firewall is Susefirewall 2, and access is blocked from the internal network with this command in the sysconfig/susefirewall2.conf:
Here are my thoughts. DHCP responds to DHCP queries by sending packets to the IP address 255.255.255.255, so my first guess is that you will have to add that host to your routeing table:
eth1 is your intranet interface, right?
route add -host 255.255.255.255 dev eth1
If you don't set the device to eth1, replies will come out... but by eth0... but maybe I'm plain wrong here. Can anybody correct this?
Continuing.... let's suppose that the route is not the problem. You also need to check the rules in the chain input_int, because your firewall is traversing that chain when it receives a packet to establish a new connection from your intranet. So why don't you tell us the output of iptables -L input_int -nv?
That's the opening for DHCP. That leads me to think it's the routing problem. Maybe you can use a sniffer to check for the traffic between the client and the server to make sure what's going on.
Now, to FORBID access to other computers to internet (only available to them by squid), you have to check the rules in the FORWARD table... and the forward policy. See, packets going to internet from other hosts won't traverse the INPUT chain... but FORWARD.
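An added example, not part of any post in this thread: a shell check that reads `iptables-save` output and reports whether new connections from the internal interface can still be forwarded, which is the situation the last reply describes. The two rule dumps and the Squid port 3128 are constructed for illustration; only top-level FORWARD rules are examined, so jumps into user-defined chains are not followed.

```shell
# Added example (not from the thread). Reads iptables-save text on stdin and
# reports whether NEW connections arriving on the LAN interface can be forwarded.
# Assumption: top-level filter/FORWARD rules only; no wildcards or negation.
check_forward() {   # $1 = internal interface (eth1 in the thread)
    awk -v lan="$1" '
    /^\*/ { table = substr($0, 2); next }
    table != "filter" { next }
    $1 == ":FORWARD" { policy = $2; next }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            if ($i == "-i") { in_if = $(i + 1); i++; continue }
            extra++                      # any other match narrows the rule
        }
        if (closed || (in_if != "" && in_if != lan)) next
        if (target == "DROP" || target == "REJECT") {
            if (extra == 0) closed = 1   # unconditional block ends the scan
            next
        }
        # Reply-traffic rules do not let a client open new connections.
        if ($0 ~ /state (RELATED,ESTABLISHED|ESTABLISHED,RELATED|ESTABLISHED) /) next
        if (target == "ACCEPT" && hit == "") hit = $0
    }
    END {
        if (hit != "")               print "OPEN rule: " hit
        else if (closed)             print "CLOSED by explicit rule"
        else if (policy == "ACCEPT") print "OPEN FORWARD policy is ACCEPT"
        else                         print "CLOSED by FORWARD policy " policy
    }'
}

# Constructed sample: INPUT only admits Squid (3128 assumed), FORWARD still routes eth1.
sample_leaky() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
EOF
}
# Constructed sample: same INPUT rule, nothing forwarded for eth1.
sample_proxy_only() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i eth1 -j DROP
EOF
}
```

On the router itself the same function can be fed live rules with `iptables-save | check_forward eth1`.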