Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Dear All,
Sorry have to ask this newbie questions in this linux questions. I already search and using many tutorial via google, but not solve my problem....
I'm testing using RHEL 5 and Squid 2.6.STABLE6, with using 2 NIC which is 192.168.1.200 (ETH0/INTERNET) and 192.168.3.1 (ETH1/LAN). I already setup my DNS in /etc/resolv.conf ! My questions is :
- When I put ETH1-off ETH0-on, I could connect to internet, but when i put ETH1-on ETH0-on, I couldn't connect to internet. Why ? Did i should route the traffic from ETH1 to ETH0 and vice versa ?
- I follow each step in this link and edit line :
You didn't read well the article, or the command.
That iptables rule should be applied to your *internal interface/LAN interface*, and your LAN interface is eth1, not eth0
@none-sense, you must give us more precise explanation. "I could connect to internet" can mean many things. Ping, traceroute, FTP, SSH, SMTP, POP3, HTTP (Surfing) are all ways to "connect" to the internet!! So please explain:
- When you activate both NIC's, are you able to ping 8.8.8.8 from RHEL 5?
- When you activate both NIC's, are you able to ping 8.8.8.8 from PC's on your LAN segment?
@HasC & @DrLove73 :
thanks for your responds....
sorry, to not put correct information....
when i said can't connect to internet, it means when I ping to my DNS said network unreacheable. But when I ping to my gateway (192.168.1.1 -- Router) it said reply. In that position both ETH0 and ETH1 in active position....
But when I active ETH0 and non active ETH1, when i ping my gateway and my DNS.
That's what I means, hope it clear enough....
I will presume you are talking about pinging your DNS from RHEL itself.
In that case, I also presume that you have put GATEWAY information on your eth1 interface (LAN) witch is incorect. Only settings to put on the LAN interface is IP and NETMASK, and deliberately OMIT GATEWAY. If you have multiple subnets on LAN segment, then use /etc/sysconfig/network-interfaces/route-eth1 file to add routing information for those subnets.
If this is not the case, and this does not help, please post output of the commands "ip address" and "ip route" (you must run them as root, or "su -") and/or contents of /etc/sysconfig/network-interfaces/ifcfg-eth0 and ifcfg-eth1.
I will presume you are talking about pinging your DNS from RHEL itself.
In that case, I also presume that you have put GATEWAY information on your eth1 interface (LAN) witch is incorect. Only settings to put on the LAN interface is IP and NETMASK, and deliberately OMIT GATEWAY. If you have multiple subnets on LAN segment, then use /etc/sysconfig/network-interfaces/route-eth1 file to add routing information for those subnets.
If this is not the case, and this does not help, please post output of the commands "ip address" and "ip route" (you must run them as root, or "su -") and/or contents of /etc/sysconfig/network-interfaces/ifcfg-eth0 and ifcfg-eth1.
@ DrLove73 :
thank you for your advise..
now i already connect my RHEL to internet and use my RHEL to reply your posting. I change my gateway in ETH1 from 192.168.3.1(ETH1 IP Address) to 192.168.1.200 (ETH0 IP Address) ! Voila....
But now, after I add my laptop and using my RHEL as squid proxy, I couldn't access internet via my laptop. I already input in my laptop IP Address RHEL as proxy and using port 3128. But my laptop could access internet, did i do something wrong ?
this what i do :
Code:
/etc/squid/squid.conf :
http_port 3128
acl LAN src 192.168.3.0/24
http_access allow LAN
# ip route
192.168.3.0/24 dev eth1 proto kernel scope link src 192.168.3.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.200
169.254.0.0/16 dev eth1 scope link
default via 192.168.1.1 dev eth0
from ifcfg-eth1 totally. It is not needed and even not wanted there.
Using internet connection is more then http proxy.
1. Set DNS caching server on RHEL and use RHEL LAN IP 192.168.3.1 for Primary DNS on your LAN - laptop. Secondary DNS field leave empty. This is not necessary but highly recommended.
2. Set RHEL to SNAT your local LAN segment, MASQUERADE-ing, then use
Code:
ping 8.8.8.8 -t
to see if you have it right. If you are not able to ping IP addresses on the internet, IP! not domain name! then SNAT is not done properly.
3. When pinging of internet IPs works, try pinging domain names like www.google.com to check if your DNS server is working.
Bare in mind that SQUID is proxying only a part of the traffic, so you need DNS and SNAT working.
Delete from ifcfg-eth1 totally. It is not needed and even not wanted there.
Using internet connection is more then http proxy.
1. Set DNS caching server on RHEL and use RHEL LAN IP 192.168.3.1 for Primary DNS on your LAN - laptop. Secondary DNS field leave empty. This is not necessary but highly recommended.
2. Set RHEL to SNAT your local LAN segment, MASQUERADE-ing, then use
Code:
ping 8.8.8.8 -t
to see if you have it right. If you are not able to ping IP addresses on the internet, IP! not domain name! then SNAT is not done properly.
3. When pinging of internet IPs works, try pinging domain names like www.google.com to check if your DNS server is working.
Bare in mind that SQUID is proxying only a part of the traffic, so you need DNS and SNAT working.
Thank you for your response....
I could ping 8.8.8.8 and www.google.com directly from my RHEL box, but from my laptop still couldn't ping.
My next job is setup DNS caching server on my RHEL box, right ?
AND SNAT, since your laptop is reporting 192.168.3.x to the rest of the internet servers/routers, and they can/will not understand it, that is why you NEED to setup SNAT. Once you do, laptop's IP will be masked and will use RHEL's IP on the outside (internet). You might even need to activate FORWARDING.
If you have not paid for RHEL, better use ClearOS 5.x, free server/gateway/firewall/proxy based on RHEL. It has nice web interface and everiting is already set up, all you need to do is to activate what you want.
Since you do not have any notion of Network, it will be VERY hard to explain to you every little detail. And frankly, I am not up to it. There are lot of documents that explain networking, even the basics. So better use ClearOS, it will be much easier.
AND SNAT, since your laptop is reporting 192.168.3.x to the rest of the internet servers/routers, and they can/will not understand it, that is why you NEED to setup SNAT. Once you do, laptop's IP will be masked and will use RHEL's IP on the outside (internet). You might even need to activate FORWARDING.
If you have not paid for RHEL, better use ClearOS 5.x, free server/gateway/firewall/proxy based on RHEL. It has nice web interface and everiting is already set up, all you need to do is to activate what you want.
Since you do not have any notion of Network, it will be VERY hard to explain to you every little detail. And frankly, I am not up to it. There are lot of documents that explain networking, even the basics. So better use ClearOS, it will be much easier.
Thank you for your response....
I learn about network by my self and i think i need to read tons of documents about network...
But, thank you so much for your attention and your previous link... sorry because i'm newbie in linux...
i like to setup something from zero even it make me confuse and headache, hahaha.... that's why i learn using linux...
GBU always...
My learning curve with Linux networking involved ClearOS predecessor ClarkConect. While messing with that one I truly started to understand Linux networking.
My learning curve with Linux networking involved ClearOS predecessor ClarkConect. While messing with that one I truly started to understand Linux networking.
Nice to shared your experience with me...
I already download the ClearOS and I will installed it soon as possible, and maybe if i got something wrong, i will posted....
Thanks for your help and attention....
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
