[squid-users] Squid + poptop and iptables


Hi Squid list,

I am facing a strange problem here .. there is a box with 3 IPs.

1. 192.168.10.1 (common gateway)
2. 192.168.30.1/24 (assigned via dhcpd to 210 users on LAN)
3. 202.x.x.x (downlink ip)

If I put the 192.168.10.1 IP pool assignment via dhcpd then all works fine. Squid is blocking the 192.168.30.1 IP pool so that after VPN authentication via pptpd (poptop), users get 192.168.10.2/24 pool IPs and their browsing starts. But when I use the 192.168.30.1/24 pool, it doesn't work at all. Let me paste the dhcpd and other conf here:


[root@cable root]# cat /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;

subnet 192.168.10.0 netmask 255.255.255.0 {
        server-name "x.x.net.hu";
        # --- default gateway
        option routers 192.168.10.1;
        option subnet-mask 255.255.255.0;
        # option nis-domain               "x.x.net.hu";
        option domain-name "buraak.net.pk";
        option domain-name-servers 192.168.10.1;
        option time-offset -18000;
        range dynamic-bootp 192.168.10.16 192.168.10.254;
        default-lease-time 345600;
        max-lease-time 345600;
        }


[root@cable root]# service iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  192.168.10.0/24      anywhere           tcp dpt:http redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.10.0/24      anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination



some squid conf---

acl mynet1  src 202.133.44.0/255.255.255.0
acl mynet2  src 192.168.10.0/255.255.255.0
acl mynet3  src 192.168.20.0/255.255.255.0
acl mynet4  src 192.168.30.4/255.255.255.0
acl vpnips  src 10.0.0.0/255.255.255.255

http_access allow vpn
http_access allow mynet1
http_access allow mynet2
http_access allow mynet3
http_access deny mynet4


I would appreciate a solution with some examples in this scenario. Thanks.

regards,
KG
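
A consistency check over the Squid lines posted above, as an added example that is not part of the original message: it flags `src` ACLs whose address and netmask disagree and `http_access` rules that name an ACL not defined in the excerpt. The function name `lint_squid_acls` is hypothetical, and only the lines shown in the message are checked, so an ACL defined elsewhere in the full squid.conf would not be seen.

```python
import ipaddress

# Squid lines copied from the message above (only what was posted).
SQUID_EXCERPT = """\
acl mynet1  src 202.133.44.0/255.255.255.0
acl mynet2  src 192.168.10.0/255.255.255.0
acl mynet3  src 192.168.20.0/255.255.255.0
acl mynet4  src 192.168.30.4/255.255.255.0
acl vpnips  src 10.0.0.0/255.255.255.255

http_access allow vpn
http_access allow mynet1
http_access allow mynet2
http_access allow mynet3
http_access deny mynet4
"""

def lint_squid_acls(conf):
    """Return (line_no, message) findings for src ACLs and http_access rules."""
    defined, findings, rules = set(), [], []
    for no, line in enumerate(conf.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "acl":
            name = fields[1]
            defined.add(name)  # any ACL type counts as defined
            for value in fields[3:] if fields[2] == "src" else []:
                try:
                    iface = ipaddress.ip_interface(value)
                except ValueError:
                    findings.append((no, f"{name}: cannot parse {value!r}"))
                    continue
                net = iface.network
                if iface.ip != net.network_address:
                    findings.append((no, f"{name}: {value} has host bits set; enclosing network is {net}"))
                elif net.prefixlen == net.max_prefixlen and iface.ip.packed[-1] == 0:
                    # Heuristic: a host mask on an address ending in 0 is usually a typo.
                    findings.append((no, f"{name}: {value} covers only the single address {iface.ip}"))
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((no, fields[2:]))
    for no, names in rules:  # checked last so definition order does not matter
        for n in names:
            name = n.lstrip("!")
            if name not in defined:
                findings.append((no, f"http_access references undefined acl {name!r}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_squid_acls(SQUID_EXCERPT):
        print(f"line {no}: {msg}")
```

The same excerpt-versus-rules comparison applies to the iptables listing above, where the REDIRECT and MASQUERADE rules name only 192.168.10.0/24 as source.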