04-15-2006, 01:13 PM
|
#1
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Rep:
|
proxy/dansguardian trouble
This is my network:
Firewall
|
|
|
PROXY(Squid/Dansguardian)
|
|
|
workstation-------(Thunderbird)
I use Squid for a proxy and Dansguardian for filtering. When I try to set up POP3 using Thunderbird it does not work. I have set up the proxy settings in Thunderbird and also cleared the settings in Thunderbird and it still does not work. I ran a traceroute and it stops at my proxy. I can ping the MTA/SMTP server from my proxy so I know it is my proxy. I looked at the filter rules in Dansguardian and I do not see anything unusual. I don't think that I understand this correctly, but I thought that using a proxy, which I have all my internet traffic going through on port 3128, only affects websites that want to be accessed. I have even whitelisted the mail domain (for example mail.verizon.net) in Dansguardian and still I cannot get to the domain.
Last edited by metallica1973; 04-17-2006 at 09:37 AM.
|
|
|
04-17-2006, 01:11 AM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
dansguardian is a http content filter. why do you think that it is related to the routing of pop3 packets? you need to enable ip forwarding to make the box actually route traffic.
|
|
|
04-17-2006, 09:43 AM
|
#3
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
But isn't my proxy server already routing traffic? Any of my workstations on my network can go to the internet through my proxy. Let me clarify myself. I can ping mail.verizon.net from my proxy but I cannot ping that same mail.verizon.net from behind my proxy from any workstation, so therefore I cannot use my POP3 using Thunderbird.
Firewall
|
|
|
PROXY(Squid/Dansguardian)
(mail.verizon.net can be pinged from here)
|
|
|
workstation-------(Thunderbird)
(mail.verizon.net cannot be pinged from this point)
|
|
|
04-17-2006, 09:52 AM
|
#4
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
an http proxy does not route a single thing. that's what a proxy is there for.. to not need to route traffic. in a proxy, you ask the proxy server to go away and get a webpage for you. without a proxy it is you that goes out onto the web to get the http data. if your proxy server was doing routing then you would be able to ping from behind it, not just on it. that's the first thing you'd do to test whether you're routing or not - can i ping google.com?
so you need to enable ip forwarding and masquerading on your proxy machine to let it act as a router too.
|
|
|
04-17-2006, 10:55 AM
|
#5
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
so what I have to do is enable iptables and add:
ECHO 1 > /PROC/SYS/IPV4/IP_FORWARD
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE
would that be sufficient or is there a preferred method. thanks
|
|
|
04-17-2006, 12:14 PM
|
#6
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
that would work if 1) it was in the right case and 2) you realise that $EXTIF is a variable for the script this was copied from, and would be replaced by your external nic alias if you just use those commands directly.
i would personally recommend using a firewall tool like firestarter which as well as giving you a decent firewall config will enable tweaks like this for erm.. "free" as it were.
|
|
|
04-18-2006, 12:10 AM
|
#7
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
I'll give it a shot. Thanks
|
|
|
04-20-2006, 11:36 PM
|
#8
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
I made some adjustments and it worked like a charm.
Last edited by metallica1973; 04-21-2006 at 12:27 AM.
|
|
|
04-21-2006, 12:23 AM
|
#9
|
Senior Member
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190
Original Poster
Rep:
|
You were right, Acid Keypie, it was the routing. This is what I did to resolve the issue for future readers:
1 - Redesigned my network and realized that routers cannot route in the same subnet (Lesson Learned). Ex: 192.168.3.0 <<--->> 192.168.3.0
2 - After I designed my new network I used nmap, traceroute and ping to troubleshoot any issues that I was having with routing and security.
3 - Designed a very basic firewall script to route to my different subnets for my Proxy/Router.
4 - I had to make some minor adjustments to my squid.conf (Squid) and dansguardian (ContentFilter) to get them to point to the correct interfaces and/or IP address.
5 - Finally I was able to use POP3 (110) and SMTP (25), and was able to use Thunderbird and other services outside of my network.
6 - After several hours of a tedious but meaningful learning experience I bought a huge bottle of wine and gladly celebrated! Cheers!!!!!
Here is the end result from a not routing network to a routing OneHop network:
Firewall
(192.168.3.0)
|
|
(192.168.3.0)
PROXY(Squid/Dansguardian)
(192.168.3.0)
(mail.verizon.net can be pinged from here)
|
|---------------------Wireless AP-----Laptops - Thunderbird
| (mail.verizon.net cannot be pinged from this point)
(192.168.3.0)
workstation-------(Thunderbird)
(mail.verizon.net cannot be pinged from this point)
New Network
Filtering Firewall
(192.168.2.0)
|
|
(192.168.3.0)
PROXY/Router-no filtering(Squid/Dansguardian)
(192.168.4.0)
(successful reply from mail.verizon.net)
|
|---------------------Wireless AP-----Laptops - Thunderbird
| (successful reply from mail.verizon.net)
(192.168.4.0)
workstations-------(Thunderbird)
(successful reply from mail.verizon.net )
Last edited by metallica1973; 04-21-2006 at 05:48 PM.
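Added example, not part of any post in this thread: a sketch of the kind of router script the thread ends up with, going one step beyond the two commands in post #5 by forwarding only the mail ports named in post #9 (plus the ping used for testing) and dropping other routed traffic. The interface names eth1 (LAN) and eth0 (external) and all function names are assumptions.

```shell
#!/bin/sh
# Added example; interface names and function names are assumptions.

# Succeeds if the forwarding switch file contains 1.
# The real file is /proc/sys/net/ipv4/ip_forward (lower case, under net/).
forwarding_enabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Print a ruleset in iptables-restore format: masquerade out of EXT_IF,
# forward only POP3 (110), SMTP (25) and ping from LAN_IF, and drop any
# other routed traffic. Loading it with iptables-restore replaces the
# existing nat and filter rules, so merge it with rules you already have.
gen_rules() {
    lan_if=$1 ext_if=$2
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $ext_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $ext_if -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -i $lan_if -o $ext_if -p tcp --dport 110 -j ACCEPT
-A FORWARD -i $lan_if -o $ext_if -p tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

# Reads a ruleset on stdin; succeeds if it masquerades out of EXT_IF ($1).
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING (.* )?-o $1 (.* )?-j MASQUERADE"
}

# Reads a ruleset on stdin; prints the TCP ports the FORWARD chain accepts.
forwarded_ports() {
    sed -n 's/^-A FORWARD .*--dport \([0-9][0-9]*\) .*-j ACCEPT$/\1/p' |
        sort -n | paste -sd ' ' -
}
```

The generated text can be checked with `gen_rules eth1 eth0 | iptables-restore --test` before loading it, and `iptables-save | has_masquerade eth0` audits a running box.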