RE: [squid-users] squid + iptables

Dear all,

> Are you able to ping to DNS server IP 192.168.0.1?
No, as I don't do any ip translation on my proxy box.
So in my isolan, i can't ping dns server. But on my proxybox, I can ping dns server.

> Else you are not having proper route table entries to
> 192.168.0.1. I am sure that is the problem.
>
> Post route -n entries there. If you succeed with ping
> / nslookup then your proxy will work good.

**************************************************************
Route of computer in isolan :

$route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.1 0.0.0.0 UG 1 0 0 eth0

(ie : 192.168.2.1 = proxybox)

**************************************************************
Route of proxybox :

root@margaritas:/home/kth# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 eth0

(ie : 192.168.0.254 = firewall)

I feel that I am missing something in my route table of proxybox!

Isolated Lan -----(eth1)| Proxy Box |(eth0)-------Lan------| Firewall |-------INTERNET

thks a lot for your answers!!

regards,

Kevin.

Kevin Thackray
C&T Paradigm NV
BTW BE 0465.030.272 RPR Antwerpen
G. LeGrellelaan 10, B - 2020 Antwerpen
Tel +32(3)259 2266

mailto:kthackray@ctparadigm.be

This email is for the use of the intended recipient only. It may contain information that is legally privileged or confidential. If you are not the intended recipient, any disclosure, distribution or copying of this email is strictly prohibited and may be unlawful. If received in error, please reply to the sender confirming this, then delete the email.
Received on Wed Apr 06 2005 - 04:38:05 MDT