I guess I said pretty much everything. I have 2 NICs: eth0 connects to the net, eth1 to the LAN, and I'm trying to set up ICS for my LAN. I had a previously working configuration of shorewall from a former Mandrake install, so I simply copied the config files from the Mandrake distro to the Gentoo box, set up squid and a DNS server just like on the MDK box, started up everything, and I've had only surprises ever since...
I got DNS and ping to work from inside the network to the wilderness, as in I can ping another workstation in the LAN, I can ping the fw, the remote DNS server, and several sites located in my country. FTP access works from inside the LAN to the net, BUT... when I type http://www.google.com, whoops... "The page cannot be displayed". Ping www.google.com... request timeout... I tried pinging some server inside my country and the pings come back, but IE... "The page cannot be displayed". I set the proxy settings to auto-detect, tried Firefox in Win/Linux, Links, you name it, I tried it... I'm writing this post from the firewall, so my Internet is up, google works, everything...
These are my rules...
Code:
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139,445
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
ACCEPT loc fw udp 1024: 137
ACCEPT fw net udp 137:139
ACCEPT fw net tcp 137,139,445
ACCEPT fw net udp 1024: 137
ACCEPT net fw udp 137:139
ACCEPT net fw tcp 137,139,445
ACCEPT net fw udp 1024: 137
ACCEPT fw net tcp 6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT fw net udp 6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT net fw tcp 6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT net fw udp 6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT fw loc tcp 2121,21,80,8080
ACCEPT fw loc udp 2121,21,80,8080
ACCEPT loc fw tcp 2121,21,80,8080
ACCEPT loc fw udp 2121,21,80,8080
ACCEPT net fw tcp 6881:6889,6969
ACCEPT fw net tcp 6881:6889,6969
REDIRECT loc 3128 tcp www -
ACCEPT fw net tcp www
AllowPing loc fw
AllowDNS loc fw
AllowWeb all net
My masq file from /etc/shorewall:
eth0 192.168.0.0/255.255.255.0
(eth0 is the net NIC, 192.168.0.0 is the LAN)
And ip-forwarding...
Code:
shorewall # cat /proc/sys/net/ipv4/ip_forward
1
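As an added example (not part of the original post or of shorewall itself), a small Python linter over rules in the format shown above: it expands shorewall port specs and flags every ACCEPT from the net zone to the firewall that opens a port in an assumed NetBIOS/SMB set. The sample rules are a subset copied from the post; the risky-port list is an assumption.

```python
"""Flag shorewall rules that accept Internet traffic to the firewall on sensitive ports."""

# Ports that should not normally be reachable from the net zone (assumption).
RISKY_PORTS = {135, 137, 138, 139, 445}

# Sample input: a subset of the rules quoted in the post above.
RULES = """\
ACCEPT fw loc udp 137:139
ACCEPT net fw udp 137:139
ACCEPT net fw tcp 137,139,445
ACCEPT net fw udp 1024: 137
ACCEPT net fw tcp 6969,5154,5150,1234,9176,21,2121,80,8080,6666,6667
ACCEPT net fw tcp 6881:6889,6969
REDIRECT loc 3128 tcp www -
AllowWeb all net
"""


def expand_ports(spec):
    """Expand a shorewall port list such as '137,139,445' or '137:139' into a set.
    An open-ended range such as '1024:' runs up to 65535; 'www' maps to 80."""
    ports = set()
    for part in spec.split(","):
        if ":" in part:
            lo, hi = part.split(":")
            ports.update(range(int(lo), int(hi or 65535) + 1))
        elif part.isdigit():
            ports.add(int(part))
        elif part == "www":
            ports.add(80)
    return ports


def flag_net_exposure(rules_text):
    """Return (rule_line, sorted_risky_ports) for each ACCEPT net->fw rule
    whose destination ports intersect RISKY_PORTS."""
    findings = []
    for line in rules_text.splitlines():
        fields = line.split()
        # Rule layout used in the post: ACTION SOURCE DEST PROTO DEST-PORT(S) [SOURCE-PORT(S)]
        if len(fields) < 5 or fields[0] != "ACCEPT":
            continue
        _action, src, dst, _proto, dport = fields[:5]
        if src == "net" and dst == "fw":
            hit = expand_ports(dport) & RISKY_PORTS
            if hit:
                findings.append((line, sorted(hit)))
    return findings


if __name__ == "__main__":
    for rule, ports in flag_net_exposure(RULES):
        print(f"net->fw opens {ports}: {rule}")
```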