LinuxQuestions.org
Old 11-13-2004, 07:00 AM   #1
eqxro
Member
 
Registered: Apr 2004
Location: Outer space :D
Distribution: Gentoo 2005.0 amd64 2.6.14-dfx3
Posts: 203

Rep: Reputation: 30
ICS with shorewall on Gentoo


I guess I said pretty much everything. I have 2 NICs, eth0 connects to the net, eth1 to the LAN, and I'm trying to set up ICS for my LAN. I had a previously working configuration of shorewall from a former Mandrake install, so I simply copied the config files from the Mandrake distro to the Gentoo box, set up squid and a DNS server just like the MDK box, started up everything and I have only surprises ever since...

I got the DNS and ping to work from inside the network to the wilderness, as in I can ping another workstation in the LAN, I can ping the fw, remote DNS server, several sites located in my country. FTP access works from inside the LAN to the net, BUT... when I type http://www.google.com whoops.. "The page cannot be displayed"... ping www.google.com... request timeout... I tried pinging some server inside my country and the pings come back, but IE... "The page cannot be displayed". I set the proxy settings to auto-detect, tried Firefox in Win/Linux, Links, you name it, I tried it... This post I'm writing from the firewall, so my Internet is up, Google works, everything...

These are my rules...

Code:
ACCEPT  fw      loc     udp     137:139
ACCEPT  fw      loc     tcp     137,139,445
ACCEPT  fw      loc     udp     1024:   137
ACCEPT  loc     fw      udp     137:139
ACCEPT  loc     fw      tcp     137,139,445
ACCEPT  loc     fw      udp     1024:   137
ACCEPT  fw      net     udp     137:139
ACCEPT  fw      net     tcp     137,139,445
ACCEPT  fw      net     udp     1024:   137
ACCEPT  net     fw      udp     137:139
ACCEPT  net     fw      tcp     137,139,445
ACCEPT  net     fw      udp     1024:   137
ACCEPT  fw      net     tcp     6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT  fw      net     udp     6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT  net     fw      tcp     6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT  net     fw      udp     6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT  fw      loc     tcp     2121,21,80,8080
ACCEPT  fw      loc     udp     2121,21,80,8080
ACCEPT  loc     fw      tcp     2121,21,80,8080
ACCEPT  loc     fw      udp     2121,21,80,8080
ACCEPT  net     fw      tcp     6881:6889,6969
ACCEPT  fw      net     tcp     6881:6889,6969
REDIRECT        loc     3128    tcp     www     -
ACCEPT  fw      net     tcp     www
AllowPing       loc     fw
AllowDNS        loc     fw
AllowWeb        all     net

My masq file from /etc/shorewall:
eth0 192.168.0.0/255.255.255.0
(eth0 is the net NIC, 192.168.0.0 is the LAN)

And ip-forwarding...
Code:
shorewall # cat /proc/sys/net/ipv4/ip_forward
1
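
An added example, not part of the original post: a short Python script that parses Shorewall rules in the column layout used above (ACTION, SOURCE, DEST, PROTO, DEST PORT) and lists which NetBIOS/SMB ports the ACCEPT rules open from the net zone to the firewall. The sample rows are a subset of the posted rules; the function names and the watch list of ports 137-139 and 445 are assumptions of this example.

```python
# Subset of the rules posted above, embedded so the script runs offline.
SAMPLE_RULES = """\
ACCEPT  net     fw      udp     137:139
ACCEPT  net     fw      tcp     137,139,445
ACCEPT  net     fw      udp     1024:   137
ACCEPT  net     fw      tcp     6881:6889,6969
ACCEPT  loc     fw      tcp     2121,21,80,8080
REDIRECT        loc     3128    tcp     www     -
AllowPing       loc     fw
"""

# Assumption of this example: NetBIOS/SMB ports are the ones worth flagging.
FILE_SHARING_PORTS = {137, 138, 139, 445}

def parse_ports(spec):
    """Expand a port list ('137,139', '137:139', '1024:') into (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        if ":" in item:
            low, high = item.split(":")
            # An open-ended range such as '1024:' runs to the top of the port space.
            ranges.append((int(low or 0), int(high or 65535)))
        elif item.isdigit():
            ranges.append((int(item), int(item)))
        # Service names such as 'www' are skipped; resolving them needs /etc/services.
    return ranges

def parse_rules(text):
    """Yield (action, source, dest, proto, port_ranges) for rules with a port column."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5:
            action, source, dest, proto, ports = fields[:5]
            yield action, source, dest, proto, parse_ports(ports)

def exposed_to_net(text, watch=FILE_SHARING_PORTS):
    """Return sorted (proto, port) pairs in `watch` that ACCEPT rules open from net to fw."""
    hits = set()
    for action, source, dest, proto, ranges in parse_rules(text):
        if action == "ACCEPT" and source == "net" and dest == "fw":
            for low, high in ranges:
                hits.update((proto, p) for p in watch if low <= p <= high)
    return sorted(hits)

if __name__ == "__main__":
    for proto, port in exposed_to_net(SAMPLE_RULES):
        print(f"net -> fw ACCEPT {proto}/{port}")
```

Rules whose source is `all` rather than `net` are not matched by this narrow check.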
 
  

