LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-01-2006, 03:58 AM   #61
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119

If you used the generator at http://www.slackware.com/~alien/efg/ which I pointed you (telling explicitly that I modified it so that it generates a script that will run on Slackware!!!) you would not have had those problems. Maybe you clicked through to the web site of the original Easy Firewall Generator? That one does indeed generate a script that does work for Redhat but is incorrect for Slackware.

My modificated EFG generates this piece of code:
Code:
# IPTables Location - adjust if needed

IPT="/usr/sbin/iptables"
IPTS="/usr/sbin/iptables-save"
IPTR="/usr/sbin/iptables-restore"
Whereas the unmodified EFG script generates this:
Code:
# IPTables Location - adjust if needed

IPT="/sbin/iptables"
IPTS="/sbin/iptables-save"
IPTR="/sbin/iptables-restore"
Eric
 
Old 06-01-2006, 06:56 AM   #62
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Whoops!!! I thought I had YOUR generator bookmarked, BUT I guess I was wrong. I will test the machine with YOUR rc.firewall in a couple hours.
 
Old 06-01-2006, 07:32 AM   #63
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119
I have modified the header in the generated script to explicitly tell it is meant for Slackware. Also, I added instructions about where to save the script to so that Slackware will find and automatically start it on boot (you know, the /etc/rc.d/rc.firewall executable file).

Hope you have more luck this time round :-)

Eric
 
Old 06-01-2006, 04:57 PM   #64
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30


Well, I used your generator and used all of the settings you mentioned and restarted rc.firewall, tinyproxy and dansguardian. There is still no transparent proxy. So here was stand.

rc.firewall
Code:
root@scs:/etc/rc.d# cat /etc/rc.d/rc.firewall | grep -v "^$" | grep -v "^#"
SYSCTL="/sbin/sysctl -w"
IPT="/usr/sbin/iptables"
IPTS="/usr/sbin/iptables-save"
IPTR="/usr/sbin/iptables-restore"
INET_IFACE="eth0"
LOCAL_IFACE="eth1"
LOCAL_IP="192.168.2.1"
LOCAL_NET="192.168.2.0/24"
LOCAL_BCAST="192.168.2.255"
LO_IFACE="lo"
LO_IP="127.0.0.1"
if [ "$1" = "save" ]
then
        echo -n "Saving firewall to /etc/sysconfig/iptables ... "
        $IPTS > /etc/sysconfig/iptables
        echo "done"
        exit 0
elif [ "$1" = "restore" ]
then
        echo -n "Restoring firewall from /etc/sysconfig/iptables ... "
        $IPTR < /etc/sysconfig/iptables
        echo "done"
        exit 0
fi
echo "Loading kernel modules ..."
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
if [ "$SYSCTL" = "" ]
then
    echo "1" > /proc/sys/net/ipv4/ip_forward
else
    $SYSCTL net.ipv4.ip_forward="1"
fi
if [ "$SYSCTL" = "" ]
then
    echo "1" > /proc/sys/net/ipv4/tcp_syncookies
else
    $SYSCTL net.ipv4.tcp_syncookies="1"
fi
if [ "$SYSCTL" = "" ]
then
    echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
else
    $SYSCTL net.ipv4.conf.all.rp_filter="1"
fi
if [ "$SYSCTL" = "" ]
then
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
else
    $SYSCTL net.ipv4.icmp_echo_ignore_broadcasts="1"
fi
if [ "$SYSCTL" = "" ]
then
    echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
else
    $SYSCTL net.ipv4.conf.all.accept_source_route="0"
fi
if [ "$SYSCTL" = "" ]
then
    echo "1" > /proc/sys/net/ipv4/conf/all/secure_redirects
else
    $SYSCTL net.ipv4.conf.all.secure_redirects="1"
fi
if [ "$SYSCTL" = "" ]
then
    echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
else
    $SYSCTL net.ipv4.conf.all.log_martians="1"
fi
echo "Flushing Tables ..."
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X
if [ "$1" = "stop" ]
then
        echo "Firewall completely flushed!  Now running with no firewall."
        exit 0
fi
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
echo "Create and populate custom rule chains ..."
$IPT -N bad_packets
$IPT -N bad_tcp_packets
$IPT -N icmp_packets
$IPT -N udp_inbound
$IPT -N udp_outbound
$IPT -N tcp_inbound
$IPT -N tcp_outbound
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j LOG \
    --log-prefix "Illegal source: "
$IPT -A bad_packets -p ALL -i $INET_IFACE -s $LOCAL_NET -j DROP
$IPT -A bad_packets -p ALL -m state --state INVALID -j LOG \
    --log-prefix "Invalid packet: "
$IPT -A bad_packets -p ALL -m state --state INVALID -j DROP
$IPT -A bad_packets -p tcp -j bad_tcp_packets
$IPT -A bad_packets -p ALL -j RETURN
$IPT -A bad_tcp_packets -p tcp -i $LOCAL_IFACE -j RETURN
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
    --log-prefix "New not syn: "
$IPT -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j LOG \
    --log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j LOG \
    --log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j LOG \
    --log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LOG \
    --log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j LOG \
    --log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG \
    --log-prefix "Stealth scan: "
$IPT -A bad_tcp_packets -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A bad_tcp_packets -p tcp -j RETURN
$IPT -A icmp_packets --fragment -p ICMP -j LOG \
    --log-prefix "ICMP Fragment: "
$IPT -A icmp_packets --fragment -p ICMP -j DROP
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j DROP
$IPT -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
$IPT -A icmp_packets -p ICMP -j RETURN
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 137 -j DROP
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 138 -j DROP
$IPT -A udp_inbound -p UDP -s 0/0 --source-port 67 --destination-port 68 \
     -j ACCEPT
$IPT -A udp_inbound -p UDP -j RETURN
$IPT -A udp_outbound -p UDP -s 0/0 -j ACCEPT
$IPT -A tcp_inbound -p TCP -j RETURN
$IPT -A tcp_outbound -p TCP -s 0/0 -j ACCEPT
echo "Process INPUT chain ..."
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
$IPT -A INPUT -p ALL -j bad_packets
$IPT -A INPUT -p ALL -d 224.0.0.1 -j DROP
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -s $LOCAL_NET -j ACCEPT
$IPT -A INPUT -p ALL -i $LOCAL_IFACE -d $LOCAL_BCAST -j ACCEPT
$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
     -j ACCEPT
$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
$IPT -A INPUT -m pkttype --pkt-type broadcast -j DROP
$IPT -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-prefix "INPUT packet died: "
echo "Process FORWARD chain ..."
$IPT -A FORWARD -p ALL -j bad_packets
$IPT -A FORWARD -p tcp -i $LOCAL_IFACE -j tcp_outbound
$IPT -A FORWARD -p udp -i $LOCAL_IFACE -j udp_outbound
$IPT -A FORWARD -p ALL -i $LOCAL_IFACE -j ACCEPT
$IPT -A FORWARD -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
     -j ACCEPT
$IPT -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-prefix "FORWARD packet died: "
echo "Process OUTPUT chain ..."
$IPT -A OUTPUT -m state -p icmp --state INVALID -j DROP
$IPT -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
$IPT -A OUTPUT -p ALL -o $LOCAL_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPT -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-prefix "OUTPUT packet died: "
echo "Load rules for nat table ..."
$IPT -t nat -A PREROUTING -p tcp --destination-port 80 \
     -j REDIRECT --to-ports 8080
$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
echo "Load rules for mangle table ..."
tinyproxy.conf
Code:
root@scs:/etc/rc.d# cat /etc/tinyproxy/tinyproxy.conf | grep -v "^$" | grep -v "^#"
User nobody
Group nobody
Port 3128
Listen 127.0.0.1
Bind 192.168.1.96
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Logfile "/var/log/tinyproxy.log"
LogLevel Info
PidFile "/var/run/tinyproxy.pid"
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
MaxRequestsPerChild 0
Allow 127.0.0.1
Allow 192.168.1.0/24
Allow 192.168.2.0/24
ViaProxyName "tinyproxy"
ConnectPort 443
ConnectPort 563
dansguardian.conf
Code:
root@scs:/etc/rc.d# cat /etc/dansguardian/dansguardian.conf | grep -v "^$" | grep -v "^#"
reportinglevel = 3
languagedir = '/usr/share/dansguardian/languages'
language = 'ukenglish'
loglevel = 2
logexceptionhits = on
logfileformat = 1
filterip = 192.168.2.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'
Here's a thought. Is the transparent proxy TRULY going through port 8080? According to tinyproxy 3128 is the proxy and 8080 is dansguardian. I know you got it to work for you. It's just frustrating the fool out of me. Thanks again for your help.
 
Old 06-01-2006, 05:21 PM   #65
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119
By the way... you did install my tinyproxy package which was specifically compiled with transparent proxy support (the default when you build it is no transparent proxy support)...???

The Dansguardian is indeed supposed to listen at port 8080 and your browsers connect to it. Dansguardian decides what requests will be passed to the proxy after validation, or shows the "boo boo" page if you tried to access naughties.

Also, try this: ditch rc.firewall and rc.transparentproxy and whatever files you have that define iptable rules.

Then create a minimal rc.firewall just containing this>

Code:
#!/bin/sh
# eth0 is the "external" interface
# 192.168.2.1 is the IP address of the "internal" interface

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -A PREROUTING -t nat -p tcp -s 192.168.2.1 --destination-port 80 -j RETURN
iptables -A PREROUTING -t nat -p tcp -s 192.168.2.1 --destination-port 443 -j RETURN

iptables -A PREROUTING -t nat -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
iptables -A PREROUTING -t nat -p tcp --destination-port 443 -j REDIRECT --to-ports 8080

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And make it executable:
Code:
chmod +x /etc/rc.d/rc.firewall
so that Slackware can start it.

No more, no less. Try this, the script is very crude and you'll have to reboot if you want to flush the firewall rules :-) but I am in a hurry.
These barebone rules work here and let me have transparent proxying.

Eric
 
Old 06-01-2006, 05:51 PM   #66
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Still no transparent proxy. Yes I am running your tinyproxy 1.7.0 package and your dansguardian as well. I figured I better be doing EVERYTHING that you are doing.

Code:
root@scs:~# iptables -t nat -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    RETURN     tcp  --  192.168.2.1          0.0.0.0/0           tcp dpt:80
2    RETURN     tcp  --  192.168.2.1          0.0.0.0/0           tcp dpt:443
3    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080
4    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 redir ports 8080

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Out of curiousity, does your tinyproxy out put lines of junk when it runs on your machine? When I ran 1.6.3 and typed "tinyproxy" it produced NO output and returned to a prompt. With your package of 1.7.0 I get lines of junk, however dansguardian appears to see it, so I guess it is working fine. This is what I mean by lines of junk

This is only a segment of what I get. The output is more lines that my terminal will remember.

Code:
...
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# proxy sites which have absolute links you must uncomment this.
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#ReverseMagic Yes
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# The URL that's used to access this reverse proxy. The URL is used to
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# rewrite HTTP redirects so that they won't escape the proxy. If you
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# have a chain of reverse proxies, you'll need to put the outermost
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# URL here (the address which the end user types into his/her browser).
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("# If not set then no rewriting occurs.
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#
")
--accepting rule at line 110 ("
")
--accepting rule at line 109 ("#ReverseBaseURL "http://localhost:8888/"
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--accepting rule at line 110 ("
")
--(end of buffer or a NUL)
--accepting rule at line 110 ("
")
--(end of buffer or a NUL)
--EOF (start condition 0)
What is particularly interesting EVERY line of junk makes reference to lines 109 and 110 with only about 6-8 exceptions. It appears to be outputting (in a weird way) my tinyproxy.conf file....every line of it.

Any ideas?

Last edited by tubatodd; 06-01-2006 at 05:53 PM.
 
Old 06-01-2006, 06:19 PM   #67
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119
Quote:
Out of curiousity, does your tinyproxy out put lines of junk when it runs on your machine?
Yes exactly like yours. Perhaps that goes away when you turn down the logging level, but I was not bothered by it... I intend to create a nice rc.tinyproxy some time... when there is time. And filter away those junk lines.

Sorry to hear it is still not working though. I am out of suggestions. If all fails, read on proxy.pac in this earlier thread post (http://www.linuxquestions.org/questi...61#post2267461) which will be a little better than to hard-code the proxy address in every browser. http://homepages.tesco.net/J.deBoyne...iguration.html is an excellent article on proxy auto-configuration as well.

Eric
 
Old 06-01-2006, 06:20 PM   #68
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
A side Note:

When I got rid of tinyproxy 1.6.3 I did "make uninstall" in the folder that I compiled it from. Hopefully it god rid of any residual junk that could have caused a problem. I'm contemplating compiling tinyproxy 1.7.0 from scratch. Let me make sure I understand HOW I should compile it. I should run the following

Code:
./configure --enable-transparent-proxy
make
make install
 
Old 06-01-2006, 06:27 PM   #69
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
STOP THE PRESS:

Here is my rc.inet1.conf

Code:
# Config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]=""

# Config information for eth1:
IPADDR[1]="192.168.2.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]="no"
DHCP_HOSTNAME[1]=""

# Config information for eth2:
IPADDR[2]=""
NETMASK[2]=""
USE_DHCP[2]=""
DHCP_HOSTNAME[2]=""

# Config information for eth3:
IPADDR[3]=""
NETMASK[3]=""
USE_DHCP[3]=""
DHCP_HOSTNAME[3]=""

# Default gateway IP address:
GATEWAY="192.168.1.254"
The default gateway looks wrong to me.
 
Old 06-01-2006, 06:28 PM   #70
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
Here's the whole thing
Code:
root@scs:/etc/rc.d# cat /etc/rc.d/rc.inet1.conf | grep -v "^$" | grep -v "^#"
IPADDR[0]=""
NETMASK[0]=""
USE_DHCP[0]="yes"
DHCP_HOSTNAME[0]=""
IPADDR[1]="192.168.2.1"
NETMASK[1]="255.255.255.0"
USE_DHCP[1]="no"
DHCP_HOSTNAME[1]=""
IPADDR[2]=""
NETMASK[2]=""
USE_DHCP[2]=""
DHCP_HOSTNAME[2]=""
IPADDR[3]=""
NETMASK[3]=""
USE_DHCP[3]=""
DHCP_HOSTNAME[3]=""
GATEWAY="192.168.1.254"
DEBUG_ETH_UP="no"
                                # the default 'eth4'
                                # 1360 when you use NAT'ed IPSec traffic.
                                # your default gateway
                                # server
                                # defined in rc.wireless.conf, by prepending
                                # 'WLAN_' to the parameter's name. Useful for
                                # those with multiple wireless interfaces.
                                # Some drivers require a private ioctl to be
                                # set through the iwpriv command. If more than
                                # one is required, you can place them in the
                                # IWPRIV parameter (space-separated, see the
                                # example).
IPADDR[lo]="127.0.0.1"
NETMASK[lo]="255.0.0.0"
 
Old 06-01-2006, 06:31 PM   #71
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
More Info (Just a reminder)

Code:
root@scs:/etc/rc.d# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:04:5A:77:38:D8
          inet addr:192.168.1.96  Bcast:255.255.255.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:23596 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23194 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20116380 (19.1 MiB)  TX bytes:3063803 (2.9 MiB)
          Interrupt:6 Base address:0x9400

eth1      Link encap:Ethernet  HWaddr 00:04:5A:77:38:DC
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14766 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1985652 (1.8 MiB)  TX bytes:16015966 (15.2 MiB)
          Interrupt:9 Base address:0x9000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:51890 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51890 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:15443106 (14.7 MiB)  TX bytes:15443106 (14.7 MiB)
 
Old 06-01-2006, 06:35 PM   #72
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119
The essence of my build script would be:
Code:
./configure --prefix=/usr \
            --libdir=/usr/lib \
            --localstatedir=/var \
            --sysconfdir=/etc \
            --enable-xtinyproxy \
            --enable-filter \
            --enable-upstream \
            --enable-reverse \
            --enable-transparent-proxy \
            --program-prefix="" \
            --program-suffix=""
make
make install
Be sure to run
Code:
removepkg tinyproxy
before attempting to build this yourself!

Eric
 
Old 06-01-2006, 06:39 PM   #73
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119
Quote:
inet addr:192.168.1.96 Bcast:255.255.255.255 Mask:255.255.255.0
O yes... that broadcast address (Bcast) is still completely screwed up - perhaps that adds to the soup? It should read 192.168.1.255 with that netmask of 255.255.255.0... You should check the DHCP server that issued the 192.168.1.96 address lease. It is misconfigured. What does
Code:
cat /etc/dhcpc/dhcpcd-eth0.info
show?

Eric
 
Old 06-01-2006, 06:46 PM   #74
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119Reputation: 8119
We're cross-posting :-)

Quote:
IPADDR[lo]="127.0.0.1"
NETMASK[lo]="255.0.0.0"
This should never be needed! I hope you did not edit your /etc/rc.d/rc.inet1 file?

Quote:
# Default gateway IP address:
GATEWAY="192.168.1.254"
If eth0 gets it's settings from DHCP, then the dhcp client will also set the default gateway. So, in such a case you should leave the GATEWAY variable empty. If anything, it should have the IP address of your internet router or whatever router you have on that network.

What default gateway shows up in
Code:
route -n
(the last line, starting with "0.0.0.0" - and note, there should be only one line starting with 0.0.0.0 there)?
 
Old 06-01-2006, 06:46 PM   #75
tubatodd
Member
 
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351

Original Poster
Rep: Reputation: 30
cat /etc/dhcpc/dhcpcd-eth0.info

no such file


My DSL modem is what is assigning ip address (I guess). I just have Linux doing DHCP to detect the address from the modem. (I'm sorry if my networking knowledge is BAD)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Need Help Configuring Linux 9 As gateway rml_85226 Linux - Networking 5 05-18-2006 12:36 AM
Configuring Fedora 3 as an internet gateway justiceisblind Fedora 1 05-27-2005 01:42 PM
configuring gateway - help jhar Linux - Newbie 6 01-30-2005 09:54 AM
configuring 2nd nic/gateway spooge Slackware 2 12-24-2004 03:22 PM
configuring a gateway for a windows xp box joshuadonz *BSD 0 03-23-2003 02:04 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration