Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
06-01-2006, 03:58 AM
|
#61
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
If you used the generator at http://www.slackware.com/~alien/efg/ which I pointed you (telling explicitly that I modified it so that it generates a script that will run on Slackware!!!) you would not have had those problems. Maybe you clicked through to the web site of the original Easy Firewall Generator? That one does indeed generate a script that does work for Redhat but is incorrect for Slackware.
My modificated EFG generates this piece of code:
Code:
# IPTables Location - adjust if needed
IPT="/usr/sbin/iptables"
IPTS="/usr/sbin/iptables-save"
IPTR="/usr/sbin/iptables-restore"
Whereas the unmodified EFG script generates this:
Code:
# IPTables Location - adjust if needed
IPT="/sbin/iptables"
IPTS="/sbin/iptables-save"
IPTR="/sbin/iptables-restore"
Eric
|
|
|
06-01-2006, 06:56 AM
|
#62
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
|
|
|
06-01-2006, 07:32 AM
|
#63
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
I have modified the header in the generated script to explicitly tell it is meant for Slackware. Also, I added instructions about where to save the script to so that Slackware will find and automatically start it on boot (you know, the /etc/rc.d/rc.firewall executable file).
Hope you have more luck this time round :-)
Eric
|
|
|
06-01-2006, 04:57 PM
|
#64
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Well, I used your generator and used all of the settings you mentioned and restarted rc.firewall, tinyproxy and dansguardian. There is still no transparent proxy. So here was stand.
rc.firewall
Code:
root@scs:/etc/rc.d# cat /etc/rc.d/rc.firewall | grep -v "^$" | grep -v "^#"
SYSCTL="/sbin/sysctl -w"
IPT="/usr/sbin/iptables"
IPTS="/usr/sbin/iptables-save"
IPTR="/usr/sbin/iptables-restore"
INET_IFACE="eth0"
LOCAL_IFACE="eth1"
LOCAL_IP="192.168.2.1"
LOCAL_NET="192.168.2.0/24"
LOCAL_BCAST="192.168.2.255"
LO_IFACE="lo"
LO_IP="127.0.0.1"
if [ "$1" = "save" ]
then
echo -n "Saving firewall to /etc/sysconfig/iptables ... "
$IPTS > /etc/sysconfig/iptables
echo "done"
exit 0
elif [ "$1" = "restore" ]
then
echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
$IPTR < /etc/sysconfig/iptables
echo "done"
exit 0
fi
echo "Loading kernel modules ..."
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/ip_forward
else
$SYSCTL net.ipv4.ip_forward="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
else
$SYSCTL net.ipv4.tcp_syncookies="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
else
$SYSCTL net.ipv4.conf.all.rp_filter="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
else
$SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
else
$SYSCTL net.ipv4.conf.all.accept_source_route="0"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
else
$SYSCTL net.ipv4.conf.all.secure_redirects="1"
fi
if [ "$SYSCTL" = "" ]
then
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
else
$SYSCTL net.ipv4.conf.all.log_martians="1"
fi
echo "Flushing Tables ..."
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
if [ "$1" = "stop" ]
then
echo "Firewall completely flushed! Now running with no firewall."
exit 0
fi
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
echo "Create and populate custom rule chains ..."
$IPT -N bad_packets
$IPT -N bad_tcp_packets
$IPT -N icmp_packets
$IPT -N udp_inbound
$IPT -N udp_outbound
$IPT -N tcp_inbound
$IPT -N tcp_outbound
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG \
--log-prefix "Illegal source: "
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG \
--log-prefix "Invalid packet: "
$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
$IPT -A bad_packets -p tcp -j bad_tcp_packets
$IPT -A bad_packets -p ALL -j RETURN
$IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn: "
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG \
--log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG \
--log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG \
--log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG \
--log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG \
--log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG \
--log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A bad_tcp_packets -p tcp -j RETURN
$IPT -A icmp_packets --fragment -p ICMP -j LOG \
--log-prefix "ICMP Fragment: "
$IPT -A icmp_packets --fragment -p ICMP -j DROP
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
$IPT -A icmp_packets -p ICMP -j RETURN
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP
$IPT -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 \
-j ACCEPT
$IPT -A udp_inbound -p UDP -j RETURN
$IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT
$IPT -A tcp_inbound -p TCP -j RETURN
$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT
echo "Process INPUT chain ..."
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
$IPT -A INPUT -p ALL -j bad_packets
$IPT -A INPUT -p ALL -d 224.0.0.1 -j DROP
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
$IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP
$IPT -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-prefix "INPUT packet died: "
echo "Process FORWARD chain ..."
$IPT -A FORWARD -p ALL -j bad_packets
$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
$IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPT -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-prefix "FORWARD packet died: "
echo "Process OUTPUT chain ..."
$IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPT -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-prefix "OUTPUT packet died: "
echo "Load rules for nat table ..."
$IPT -t nat -A PREROUTING -p tcp --destination-port 80 \
-j REDIRECT --to-ports 8080
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
echo "Load rules for mangle table ..."
tinyproxy.conf
Code:
root@scs:/etc/rc.d# cat /etc/tinyproxy/tinyproxy.conf | grep -v "^$" | grep -v "^#"
User nobody
Group nobody
Port 3128
Listen 127.0.0.1
Bind 192.168.1.96
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Logfile "/var/log/tinyproxy.log"
LogLevel Info
PidFile "/var/run/tinyproxy.pid"
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
MaxRequestsPerChild 0
Allow 127.0.0.1
Allow 192.168.1.0/24
Allow 192.168.2.0/24
ViaProxyName "tinyproxy"
ConnectPort 443
ConnectPort 563
dansguardian.conf
Code:
root@scs:/etc/rc.d# cat /etc/dansguardian/dansguardian.conf | grep -v "^$" | grep -v "^#"
reportinglevel = 3
languagedir = '/usr/share/dansguardian/languages'
language = 'ukenglish'
loglevel = 2
logexceptionhits = on
logfileformat = 1
filterip = 192.168.2.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'
Here's a thought. Is the transparent proxy TRULY going through port 8080? According to tinyproxy 3128 is the proxy and 8080 is dansguardian. I know you got it to work for you. It's just frustrating the fool out of me. Thanks again for your help.
|
|
|
06-01-2006, 05:21 PM
|
#65
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
By the way... you did install my tinyproxy package which was specifically compiled with transparent proxy support (the default when you build it is no transparent proxy support)...???
The Dansguardian is indeed supposed to listen at port 8080 and your browsers connect to it. Dansguardian decides what requests will be passed to the proxy after validation, or shows the "boo boo" page if you tried to access naughties.
Also, try this: ditch rc.firewall and rc.transparentproxy and whatever files you have that define iptable rules.
Then create a minimal rc.firewall just containing this>
Code:
#!/bin/sh
# eth0 is the "external" interface
# 192.168.2.1 is the IP address of the "internal" interface
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A PREROUTING -t nat -p tcp -s 192.168.2.1 --destination-port 80 -j RETURN
iptables -A PREROUTING -t nat -p tcp -s 192.168.2.1 --destination-port 443 -j RETURN
iptables -A PREROUTING -t nat -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
iptables -A PREROUTING -t nat -p tcp --destination-port 443 -j REDIRECT --to-ports 8080
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And make it executable:
Code:
chmod +x /etc/rc.d/rc.firewall
so that Slackware can start it.
No more, no less. Try this, the script is very crude and you'll have to reboot if you want to flush the firewall rules :-) but I am in a hurry.
These barebone rules work here and let me have transparent proxying.
Eric
|
|
|
06-01-2006, 05:51 PM
|
#66
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Still no transparent proxy. Yes I am running your tinyproxy 1.7.0 package and your dansguardian as well. I figured I better be doing EVERYTHING that you are doing.
Code:
root@scs:~# iptables -t nat -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 RETURN tcp -- 192.168.2.1 0.0.0.0/0 tcp dpt:80
2 RETURN tcp -- 192.168.2.1 0.0.0.0/0 tcp dpt:443
3 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
4 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 8080
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Out of curiousity, does your tinyproxy out put lines of junk when it runs on your machine? When I ran 1.6.3 and typed "tinyproxy" it produced NO output and returned to a prompt. With your package of 1.7.0 I get lines of junk, however dansguardian appears to see it, so I guess it is working fine. This is what I mean by lines of junk
This is only a segment of what I get. The output is more lines that my terminal will remember.
Code:
...
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# proxy sites which have absolute links you must uncomment this.
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#ReverseMagic Yes
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# The URL that's used to access this reverse proxy. The URL is used to
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# rewrite HTTP redirects so that they won't escape the proxy. If you
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# have a chain of reverse proxies, you'll need to put the outermost
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# URL here (the address which the end user types into his/her browser).
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# If not set then no rewriting occurs.
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#ReverseBaseURL "http://localhost:8888/"
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--(end of buffer or a NUL)
--accepting rule at line 110 ("
")
--(end of buffer or a NUL)
--EOF (start condition 0)
What is particularly interesting EVERY line of junk makes reference to lines 109 and 110 with only about 6-8 exceptions. It appears to be outputting (in a weird way) my tinyproxy.conf file....every line of it.
Any ideas?
Last edited by tubatodd; 06-01-2006 at 05:53 PM.
|
|
|
06-01-2006, 06:19 PM
|
#67
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Quote:
Out of curiousity, does your tinyproxy out put lines of junk when it runs on your machine?
|
Yes exactly like yours. Perhaps that goes away when you turn down the logging level, but I was not bothered by it... I intend to create a nice rc.tinyproxy some time... when there is time. And filter away those junk lines.
Sorry to hear it is still not working though. I am out of suggestions. If all fails, read on proxy.pac in this earlier thread post ( http://www.linuxquestions.org/questi...61#post2267461) which will be a little better than to hard-code the proxy address in every browser. http://homepages.tesco.net/J.deBoyne...iguration.html is an excellent article on proxy auto-configuration as well.
Eric
|
|
|
06-01-2006, 06:20 PM
|
#68
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
A side Note:
When I got rid of tinyproxy 1.6.3 I did "make uninstall" in the folder that I compiled it from. Hopefully it god rid of any residual junk that could have caused a problem. I'm contemplating compiling tinyproxy 1.7.0 from scratch. Let me make sure I understand HOW I should compile it. I should run the following
Code:
./configure --enable-transparent-proxy
make
make install
|
|
|
06-01-2006, 06:27 PM
|
#69
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
STOP THE PRESS:
Here is my rc.inet1.conf
Code:
# Config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]=""
# Config information for eth1:
IPADDR[1]="192.168.2.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]="no"
DHCP_HOSTNAME[1]=""
# Config information for eth2:
IPADDR[2]=""
NETMASK[2]=""
USE_DHCP[2]=""
DHCP_HOSTNAME[2]=""
# Config information for eth3:
IPADDR[3]=""
NETMASK[3]=""
USE_DHCP[3]=""
DHCP_HOSTNAME[3]=""
# Default gateway IP address:
GATEWAY="192.168.1.254"
The default gateway looks wrong to me.
|
|
|
06-01-2006, 06:28 PM
|
#70
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Here's the whole thing
Code:
root@scs:/etc/rc.d# cat /etc/rc.d/rc.inet1.conf | grep -v "^$" | grep -v "^#"
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]=""
IPADDR[1]="192.168.2.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]="no"
DHCP_HOSTNAME[1]=""
IPADDR[2]=""
NETMASK[2]=""
USE_DHCP[2]=""
DHCP_HOSTNAME[2]=""
IPADDR[3]=""
NETMASK[3]=""
USE_DHCP[3]=""
DHCP_HOSTNAME[3]=""
GATEWAY="192.168.1.254"
DEBUG_ETH_UP="no"
# the default 'eth4'
# 1360 when you use NAT'ed IPSec traffic.
# your default gateway
# server
# defined in rc.wireless.conf, by prepending
# 'WLAN_' to the parameter's name. Useful for
# those with multiple wireless interfaces.
# Some drivers require a private ioctl to be
# set through the iwpriv command. If more than
# one is required, you can place them in the
# IWPRIV parameter (space-separated, see the
# example).
IPADDR[lo]="127.0.0.1"
NETMASK[lo]="255.0.0.0"
|
|
|
06-01-2006, 06:31 PM
|
#71
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
More Info (Just a reminder)
Code:
root@scs:/etc/rc.d# ifconfig
eth0 Link encap:Ethernet HWaddr 00:04:5A:77:38:D8
inet addr:192.168.1.96 Bcast:255.255.255.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23596 errors:0 dropped:0 overruns:0 frame:0
TX packets:23194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20116380 (19.1 MiB) TX bytes:3063803 (2.9 MiB)
Interrupt:6 Base address:0x9400
eth1 Link encap:Ethernet HWaddr 00:04:5A:77:38:DC
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14766 errors:0 dropped:0 overruns:0 frame:0
TX packets:21174 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1985652 (1.8 MiB) TX bytes:16015966 (15.2 MiB)
Interrupt:9 Base address:0x9000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:51890 errors:0 dropped:0 overruns:0 frame:0
TX packets:51890 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15443106 (14.7 MiB) TX bytes:15443106 (14.7 MiB)
|
|
|
06-01-2006, 06:35 PM
|
#72
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
The essence of my build script would be:
Code:
./configure --prefix=/usr \
--libdir=/usr/lib \
--localstatedir=/var \
--sysconfdir=/etc \
--enable-xtinyproxy \
--enable-filter \
--enable-upstream \
--enable-reverse \
--enable-transparent-proxy \
--program-prefix="" \
--program-suffix=""
make
make install
Be sure to run
Code:
removepkg tinyproxy
before attempting to build this yourself!
Eric
|
|
|
06-01-2006, 06:39 PM
|
#73
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
Quote:
inet addr:192.168.1.96 Bcast:255.255.255.255 Mask:255.255.255.0
|
O yes... that broadcast address (Bcast) is still completely screwed up - perhaps that adds to the soup? It should read 192.168.1.255 with that netmask of 255.255.255.0... You should check the DHCP server that issued the 192.168.1.96 address lease. It is misconfigured. What does
Code:
cat /etc/dhcpc/dhcpcd-eth0.info
show?
Eric
|
|
|
06-01-2006, 06:46 PM
|
#74
|
Slackware Contributor
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559
|
We're cross-posting :-)
Quote:
IPADDR[lo]="127.0.0.1"
NETMASK[lo]="255.0.0.0"
|
This should never be needed! I hope you did not edit your /etc/rc.d/rc.inet1 file?
Quote:
# Default gateway IP address:
GATEWAY="192.168.1.254"
|
If eth0 gets it's settings from DHCP, then the dhcp client will also set the default gateway. So, in such a case you should leave the GATEWAY variable empty. If anything, it should have the IP address of your internet router or whatever router you have on that network.
What default gateway shows up in (the last line, starting with "0.0.0.0" - and note, there should be only one line starting with 0.0.0.0 there)?
|
|
|
06-01-2006, 06:46 PM
|
#75
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
cat /etc/dhcpc/dhcpcd-eth0.info
no such file
My DSL modem is what is assigning ip address (I guess). I just have Linux doing DHCP to detect the address from the modem. (I'm sorry if my networking knowledge is BAD)
|
|
|
All times are GMT -5. The time now is 03:43 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|