Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
Anyway, got myself a copy of Suse 9.3 and everything has set up great. It is currently running as a router between the internet and my Windows boxes on the internal network. However, now I want to use Squid to handle all requests for web pages, and block everything else unless I add it to the allow list.
Squid works fine and every computer on the network can use it, but even though I have set up the firewall to deny all other access from the internal network, the other computers can still browse as normal, access ftp through it, etc.
The firewall is SuSEfirewall2, and access is blocked from the internal network with this command in the sysconfig/susefirewall2.conf:
Here are my thoughts. DHCP responds to DHCP queries by sending packets to the IP address 255.255.255.255, so my first guess is that you will have to add that host to your routing table:
eth1 is your intranet interface, right?
Code:
route add -host 255.255.255.255 dev eth1
If you don't set the device to eth1, replies will come out... but by eth0... but maybe I'm plain wrong here. Can anybody correct this?
Continuing... let's suppose that the route is not the problem. You also need to check the rules in the chain input_int, because your firewall is traversing that chain when it receives a packet to establish a new connection from your intranet. So why don't you tell us the output of iptables -L input_int -nv?
The other computers were able to access the DHCP service before though, so surely it's more to do with the susefirewall.conf I was tampering with? Interested to hear your theories though.
That's the opening for DHCP. That leads me to think it's the routing problem. Maybe you can use a sniffer to check for the traffic between the client and the server to make sure what's going on.
Now, to FORBID access from other computers to the internet (only available to them by Squid), you have to check the rules in the FORWARD table... and the forward policy. See, packets going to the internet from other hosts won't traverse the INPUT chain... but FORWARD.
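An added example, not from any post in this thread, expressing the proxy-only policy the reply above describes as a raw iptables-restore ruleset rather than as SuSEfirewall2 configuration: eth1 as the LAN interface, eth0 as the internet-facing one, and Squid on its default port 3128 are assumptions.

```shell
#!/bin/sh
# Added example, not from this thread: a proxy-only router policy as plain
# iptables-restore input, so it can be reviewed before anything is applied.
# Assumptions: eth1 is the LAN side, eth0 faces the internet, Squid listens on 3128.
INT_IF="${INT_IF:-eth1}"
EXT_IF="${EXT_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Emit the filter table. Two separate decisions matter here:
#  - INPUT: what LAN hosts may ask of the router itself (Squid, DHCP, DNS).
#  - FORWARD: what the router passes through on their behalf (nothing new).
# Blocking the LAN in INPUT alone leaves direct browsing working, because
# LAN-to-internet packets traverse FORWARD, never INPUT.
proxy_only_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP requests arrive as broadcasts to 255.255.255.255:67, so they need their own rule
-A INPUT -i $INT_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $INT_IF -p udp --dport 53 -j ACCEPT
-A INPUT -i $INT_IF -p tcp --dport 53 -j ACCEPT
-A INPUT -i $INT_IF -p tcp --dport $SQUID_PORT -j ACCEPT
-A INPUT -i $INT_IF -j LOG --log-prefix "lan-input-dropped: "
# Return traffic for anything later put on an allow list; nothing else is
# forwarded, and attempts are logged so misconfigured clients show up.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -j LOG --log-prefix "lan-direct-dropped: "
COMMIT
EOF
}

# Count ACCEPT rules in FORWARD other than the return-traffic one; a non-zero
# result means some LAN host has a direct path that bypasses Squid.
forward_allow_count() {
  proxy_only_rules | grep -- '^-A FORWARD' | grep -v ESTABLISHED | grep -c ACCEPT || true
}

# Only touch the kernel when explicitly asked and running as root; otherwise
# print the ruleset for review. Note: this replaces the whole filter table.
if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
  proxy_only_rules | iptables-restore
else
  proxy_only_rules
fi
```

Run it without arguments to review the rules; SuSEfirewall2 would replace them on its next restart, so for a permanent setup the same policy has to be carried into its own configuration.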