Anyway, got myself a copy of Suse 9.3 and everything has set up great. It is currently running as a router between the internet and my Windows boxes on the internal network. However, now I want to use Squid to handle all requests for web pages, and block everything else unless I add it to the allow list.
Squid works fine and every computer on the network can use it, but even though I have set up the firewall to deny all other access from the internal network, the other computers can still browse as normal, access ftp through it, etc.
The firewall is Susefirewall 2, and access is blocked from the internal network with this command in the sysconfig/susefirewall2.conf:
Here are my thoughts. DHCP responds to DHCP queries by sending packets to the IP address 255.255.255.255, so my first guess is that you will have to add that host to your routing table:
eth1 is your intranet interface, right?
route add -host 255.255.255.255 dev eth1
If you don't set the device to eth1, replies will come out... but by eth0... but maybe I'm plain wrong here. Can anybody correct this?
Continuing.... let's suppose that the route is not the problem. You also need to check the rules in the chain input_int, because your firewall is traversing that chain when it receives a packet to establish a new connection from your intranet. So why don't you tell us the output of iptables -L input_int -nv?
That's the opening for DHCP. That leads me to think it's the routing problem. Maybe you can use a sniffer to check for the traffic between the client and the server to make sure what's going on.
Now, to FORBID access to the internet for other computers (only available to them via squid), you have to check the rules in the FORWARD table... and the forward policy. See, packets going to the internet from other hosts won't traverse the INPUT chain... but FORWARD.
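As an added example (not from the thread or from SuSEfirewall2), the following shell function prints an iptables ruleset that makes the reply's point concrete: client-to-router traffic (Squid, DHCP) is handled in INPUT, while client-to-internet traffic is decided by the FORWARD chain and its policy. The interface eth1 is the one named in the thread; the Squid port 3128 and the internal subnet are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints iptables commands; review
# them, then pipe to sh as root to apply. Port 3128 and the subnet are assumed.
squid_only_ruleset() {
    int_if="$1"                 # internal interface, e.g. eth1
    int_net="$2"                # internal subnet, e.g. 192.168.1.0/24 (constructed)
    squid_port="${3:-3128}"     # Squid listening port (assumed default)

    cat <<EOF
# Intranet -> router itself traverses INPUT: let clients reach Squid and let
# DHCP requests (UDP 68 -> 67, sent to the broadcast 255.255.255.255) in.
iptables -A INPUT -i $int_if -s $int_net -p tcp --dport $squid_port -j ACCEPT
iptables -A INPUT -i $int_if -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -i $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT

# Intranet -> internet traverses FORWARD, never INPUT. A restrictive INPUT
# chain does nothing for this path; the FORWARD policy decides whether
# clients can bypass Squid.
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log anything a client tries to send past the proxy, then drop it.
iptables -A FORWARD -i $int_if -j LOG --log-prefix "fwd-bypass: "
iptables -A FORWARD -i $int_if -j DROP
EOF
}

# Allow-list entry for the original poster's "unless I add it to the allow
# list": insert a FORWARD ACCEPT for one destination host/port ahead of the
# logging and DROP rules.
allow_forward() {
    int_if="$1"; dst_host="$2"; dst_port="$3"
    printf 'iptables -I FORWARD 2 -i %s -d %s -p tcp --dport %s -j ACCEPT\n' \
        "$int_if" "$dst_host" "$dst_port"
}

# Verify with: iptables -L FORWARD -nv   (packet counters on the DROP rule
# show clients still trying to go around Squid).
```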