I don't know what connection tracking is. I just saw it in another question's reply and I set it up, but it didn't help. Do you know what ports I should enable for Squid? This is my main problem. Is nobody using his firewall with a proxy at the same time on the same PC?
>
> From: [EMAIL PROTECTED]
> Date: 2005/07/06 Wed PM 05:53:49 CEST
> To: [EMAIL PROTECTED]
> Subject: Re: Re: Iptables, Squid.
>
>
> Looks like your squid is up (it generates the error message you see on
> IE). If I were you, I would try using 'telnet www.google.com 80' on
> your machine named FIREWALL, and see tcpdump/ethereal/tethereal's
> output. From there it would be quite easy to see where the problem is.
>
> As far as I can tell, you must have connection tracking enabled if you
> are going to use -m state --state blah. Are you using connection
> tracking?
>
> Regards,
>
> --
> Gonzalo A. Arana
> Planning and Development Coordinator
> UOL Sinectis S.A.
> Florida 537 piso 6
> C1005AAK - Buenos Aires
> http://www.uolsinectis.com.ar/
>
>
>
> Quoted by [EMAIL PROTECTED]:
>
> > This is the error message in IExplorer
> > --------------------------------------------------
> > ERROR
> > The requested URL could not be retrieved
> >
> > While trying to retrieve the URL: http://www.google.com/
> >
> > The following error was encountered:
> >
> > Connection Failed
> > The system returned:
> >
> > (110) Connection timed out
> > The remote host or network may be down.
> > Please try the request again.
> >
> > Your cache administrator is [EMAIL PROTECTED]
> >
> > Generated Wed, 06 Jul 2005 12:40:41 GMT by FIREWALL (squid/2.5.STABLE9)
> >
> > -----------------------------------------------------------
> >
> > This is my iptables chain list
> > ----------------------------------------------------------
> > # Generated by iptables-save v1.2.11 on Wed Jul 6 14:49:51 2005
> > *nat
> > :PREROUTING ACCEPT [3673:754201]
> > :POSTROUTING ACCEPT [72:4099]
> > :OUTPUT ACCEPT [45:3030]
> > COMMIT
> > # Completed on Wed Jul 6 14:49:51 2005
> > # Generated by iptables-save v1.2.11 on Wed Jul 6 14:49:51 2005
> > *filter
> > :INPUT DROP [5503:490890]
> > :FORWARD DROP [44:2136]
> > :OUTPUT DROP [118:10656]
> > :ipac~fi - [0:0]
> > :ipac~fo - [0:0]
> > :ipac~i - [0:0]
> > :ipac~o - [0:0]
> > -A INPUT -i 127.0.0.1 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
> > -A INPUT -p udp -m udp --dport 53 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
> > -A INPUT -p tcp -m tcp --sport 3128 -j ACCEPT
> > -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A INPUT -p tcp -m tcp --sport 3130 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 3130 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 3130 -j ACCEPT
> > -A FORWARD -p tcp -m tcp --sport 80 -j ACCEPT
> > -A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
> > -A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
> > -A FORWARD -p udp -m udp --dport 53 -j ACCEPT
> > -A OUTPUT -o 127.0.0.1 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
> > -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
> > -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > COMMIT
> > # Completed on Wed Jul 6 14:49:51 2005
> > ---------------------------------------------------------
> >
> > I enabled all the traffic for the firewall itself and it is working
> > now, but in this way the firewall is not a firewall for the firewall,
> > just for the LAN, because there are no chains on it, just on the network.
> >
> >>
> >> From: [EMAIL PROTECTED]
> >> Date: 2005/07/06 Wed PM 02:27:08 CEST
> >> To: [EMAIL PROTECTED]
> >> Subject: Re: Iptables, Squid.
> >>
> >>
> >> Hi,
> >>
> >> I guess this is a question for either netfilter-users or squid-users.
> >>
> >> Anyway, you should post the exact error message you are getting; and
> >> your netfilter configuration (with your real ip addresses stripped)
> >> would be useful to give you any pointers. I guess you are running
> >> iptables and squid in the same machine.
> >>
> >> Squid may complain if it can't resolve its hostname. Usually this is
> >> fixed by modifying /etc/hosts (at least in Linux). This is the format
> >> I use:
> >>
> >> 1.1.1.1 full.host.name short
> >> 127.0.0.1 localhost.localdomain localhost
> >>
> >> where 1.1.1.1 should be your eth0's ip address. If you have more than
> >> one interface, all ip addresses should be listed in /etc/hosts.
> >>
> >> Hope this helps,
> >>
> >> Gonzalo Arana
> >>
> >> Quoted by [EMAIL PROTECTED]:
> >> >
> >> > Hi all!
> >> >
> >> > What should I do so that Squid and iptables work together?
> >> > If I turn off Squid, the net works properly with the iptables
> >> > chains. If I turn on Squid it is down, and there is an error
> >> > message that it can't resolve the IP. I think there is a built-in DNS
> >> > program in Squid or something that can communicate with the world,
> >> > because of the iptables, which has a DROP default value.
> >> > What ports should I enable in iptables for Squid? I already
> >> > enabled 53 tcp and dns for the DNS query and it is working
> >> > properly under Win. I already enabled port 3128 too. But it isn't
> >> > working.
> >> > Could somebody help?
> >> >
> >> > Zozo.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
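
An added example (not part of the thread and not the poster's code): a simplified first-match walk of the OUTPUT chain from the posted dump, showing that the proxy's own new connection to port 80 falls through to the DROP policy, and that `-o 127.0.0.1` never matches because `-o` takes an interface name. The `FIX` rule, the packet fields and the interface name `eth0` are assumptions constructed for illustration; the matcher handles only the flag/value options that appear in this dump.

```python
# OUTPUT part of the filter table, copied from the iptables-save dump in the thread.
POSTED = """\
:OUTPUT DROP [118:10656]
-A OUTPUT -o 127.0.0.1 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""
# Constructed rule (an assumption, not from the thread): allow new outbound HTTP.
FIX = "-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT\n"

# Rule option -> packet field it is compared against.
CHECKS = [("-p", "proto"), ("--dport", "dport"), ("--sport", "sport"),
          ("-o", "out_if"), ("-i", "in_if")]

def parse(dump):
    """Return (policies, rules) from iptables-save text, rules in file order."""
    policies, rules = {}, []
    for line in dump.splitlines():
        tok = line.split()
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]          # ":OUTPUT DROP [..]"
        elif tok[:1] == ["-A"]:
            # every option in this dump is a flag followed by exactly one value
            rules.append((tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return policies, rules

def verdict(dump, chain, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    policies, rules = parse(dump)
    for rule_chain, opts in rules:
        if rule_chain != chain:
            continue
        if any(k in opts and str(pkt.get(f)) != opts[k] for k, f in CHECKS):
            continue
        if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
            continue
        return opts["-j"]
    return policies[chain]

# Constructed packets: the proxy's first SYN to a web server, and local traffic on lo.
SQUID_SYN = {"proto": "tcp", "dport": 80, "out_if": "eth0", "state": "NEW"}
LOOPBACK = {"proto": "tcp", "dport": 3128, "out_if": "lo", "state": "NEW"}

if __name__ == "__main__":
    print("posted rules, proxy -> :80 :", verdict(POSTED, "OUTPUT", SQUID_SYN))
    print("with FIX,     proxy -> :80 :", verdict(POSTED + FIX, "OUTPUT", SQUID_SYN))
    print("posted rules, loopback     :", verdict(POSTED, "OUTPUT", LOOPBACK))
```
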

