RE: SMTP HTTP port allow

I have tried it, but it is not working. Anyway, I am giving my settings and problems so that you can understand it better.
 
I am getting bandwidth through ISP coming to my server having Linux 8.0 and acting as Linux router and running squid as proxy and cache server.
 
SETTINGS
 
Following are settings in my "/etc/rc.d/rc.local" file
 
***
touch /var/lock/subsys/local
route del default gw 202.183.69.129 dev eth0
iptunnel add tunnel0 mode ipip local 202.183.69.130 remote 202.183.73.206 ttl 255
ip link set tunnel0 up
ip addr add 202.63.162.62/30 dev tunnel0
route add default gw 202.63.162.61 dev tunnel0
route add -net 202.183.73.204 netmask 255.255.255.252 gw 202.183.69.129
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface tunnel0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
 
iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-port 3128
*******
 
I have commented file "/etc/sysconf/iptables" totally and it is stopped.
 
PROBLEMS - 1
 
When I try to send email to the squid mailing list from a LAN user, I get the following error.
***
 
This is a permanent error; I've given up. Sorry it didn't work out.
<squid-users@xxxxxxxxxxxxxxx>:
ezmlm-reject: fatal: Sorry, I don't accept messages of MIME
Content-Type 'multipart/alternative' (#5.2.3)
--- Below this line is a copy of the message.
Return-Path: <adssquid@xxxxxxxxx>
Received: (qmail 65674 invoked from network); 27 Aug 2003 11:00:53
-0000
Received: from web20502.mail.yahoo.com (216.136.226.137)
  by squid-cache.org with SMTP; 27 Aug 2003 11:00:53 -0000
Message-ID: <20030827110050.81255.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
Received: from [203.94.221.44] by web20502.mail.yahoo.com via HTTP;
Wed, 27 Aug 2003 04:00:50 PDT
Date: Wed, 27 Aug 2003 04:00:50 -0700 (PDT)
From: ads squid <adssquid@xxxxxxxxx>
Subject: RE: [squid-users] delay pool problem
To: Adam Aube <aaube@xxxxxxxxxxxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxx
In-Reply-To: <000001c36c08$42969990$647fa8c0@xxxxxxxxxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="0-181363567-1061982050=:80891"
--0-181363567-1061982050=:80891
Content-Type: text/plain; charset=us-ascii
***
 
My LAN user can send email to this (nat) mailing list.
 
Also my users complain that they cannot send email from Outlook Express to email id xyz@xxxxxxxxx using a LAN machine, but can send from an outside dialup connection. At the same time they can send emails from yahoo.com, hotmail.com, etc.
 
PROBLEM - 2
 
When I try to upload files to my web service provider (outside) through my LAN machine, it accepts the login and password and says login successful, but gives the following error:
 
***
retrieving directory listing...
COMMAND:> PORT 192,168,0,42,5,249
500 Illegal PORT command.
STATUS:> Error opening data socket
****
I am using CuteFTP for uploading.
 
When I try to upload to the same web service provider from a dialup connection, I can upload files.
 
I think there is something to be done in my iptables settings and rc.local settings.
It is blocking access to outside.
 
I spoke to web server provider and ISP and they said they have not blocked anything from their side.
 
I think this will give clear idea about settings and problems so that you can guide in better manner.
 
If you need any more info, let me know.
Sorry for delay in reply.
Thanks

George Vieira <georgev@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Well... have you tried it??
 

Thanks,

 
____________________________________________
George Vieira
Citadel Computer Systems Pty Ltd Systems Manager georgev AT citadelcomputer DOT com DOT au
Citadel Computer Systems Pty Ltd
Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698 http://www.citadelcomputer.com.au
 
 
-----Original Message-----
From: ads nat [mailto:adsnat@xxxxxxxxx]
Sent: Wednesday, August 27, 2003 9:50 PM
To: George Vieira; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: SMTP HTTP port allow

My code has become as follows :
 
******
iptables -A POSTROUTING -t nat -p tcp --dport 25 -j MASQUERADE

iptables -A POSTROUTING -t nat -p tcp -s 192.168.0.42 -d 207.106.22.35 --dport 21 -j MASQUERADE
iptables -A POSTROUTING -t nat -p tcp -s 192.168.0.23 -d 207.106.22.35 --dport 21 -j MASQUERADE

iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-port 3128
*****
Is this O.K.?
Thanks
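
The `PORT 192,168,0,42,5,249` line in PROBLEM - 2 carries the client's own address and data port inside the FTP payload, and many FTP servers refuse a PORT address that differs from the source of the control connection. The shell sketch below is an added example, not part of the original thread: it decodes the argument and compares it with the address the server is assumed to see (the tunnel0 address 202.63.162.62 from the rc.local above); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): decode an FTP PORT argument
# (RFC 959: h1,h2,h3,h4,p1,p2) and compare it with the address the server sees.

# decode_port LINE -> prints "a.b.c.d port"; returns 1 on a malformed argument.
decode_port() {
    args=${1##*PORT }                      # accept a raw client log line too
    case $args in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;                  # junk or empty field
        0[0-9]*|*,0[0-9]*|*[0-9][0-9][0-9][0-9]*) return 1 ;; # leading 0, >3 digits
    esac
    old_ifs=$IFS; IFS=,
    set -- $args                           # split the six fields on commas
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1       # every field is one byte
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# is_rfc1918 ADDR -> 0 if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_port LINE SEEN_SRC -> verdict; SEEN_SRC is the control connection's
# source address as the server sees it (assumed: the masqueraded address).
check_port() {
    decoded=$(decode_port "$1") || { echo "malformed"; return 2; }
    addr=${decoded% *}; port=${decoded#* }
    if [ "$addr" = "$2" ]; then
        echo "ok $addr:$port"
    elif is_rfc1918 "$addr"; then
        echo "private-mismatch $addr:$port seen=$2"; return 1
    else
        echo "mismatch $addr:$port seen=$2"; return 1
    fi
}

# Line from PROBLEM - 2; 202.63.162.62 is the tunnel0 address in rc.local.
check_port 'COMMAND:> PORT 192,168,0,42,5,249' 202.63.162.62 || true
```

A `private-mismatch` verdict means the payload still holds the LAN address after masquerading. The netfilter FTP helpers (`ip_conntrack_ftp` and `ip_nat_ftp` on 2.4 kernels) exist to rewrite that payload address during NAT.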

