>From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>I am using a linux 6.0 box for packet filtering. Same box is being used as proxy
>server. I am using squid-2.2-stable4.
>I have defined an ipchains rule
>
>ipchains -I input 1 -s sd.cache.nlanr.net -d sd.cache.nlanr.net -p all -j DENY.
>
>Now the problem is
>1. sd.cache.nlanr.net is not getting restricted.
>2. Sometimes (not always) I am not able to browse the internet using proxy or
>through ip-masquerading.
>3. I get a message saying host is not being allowed by sd.cache.nlanr.net
>site.

I'm not sure what you're trying to accomplish with the above rule. Basically
it looks like you're trying to get the sd.cache.nlanr.net not to accept
packets from itself. Now, unless your box is sd.cache.nlanr.net, this is a
futile rule. I am going to assume you want to stop packets from
sd.cache.nlanr.net from reaching *your* box, so the rule you probably want
is:

ipchains -I input 1 -s sd.cache.nlanr.net -d your.hostand.domain -p all -j DENY

Also, just out of curiosity why are you doing IP-masquerading in addition
to using squid on the same box? Or are you switching between the two for
testing? If you can't get out using IP-masquerading and squid on an
occasional basis, it sounds like an intermittent connectivity problem.
Hope this helps.
--
Gene Lee
[EMAIL PROTECTED]
[EMAIL PROTECTED]
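
Added example, not part of the original message: a small shell model of how the -s and -d fields of the two rules above are compared against a packet sent by sd.cache.nlanr.net to the local box. The functions rule_matches and verdict are hypothetical helpers, and hosts are compared as literal strings (an assumption; ipchains itself resolves names to addresses when the rule is inserted).

```shell
#!/bin/sh
# Illustration only: models the -s/-d address match of an ipchains rule.
# Assumption: hosts are compared as literal strings, not resolved addresses.

# rule_matches "<rule text>" <packet-src> <packet-dst>
# Returns 0 if both -s and -d match the packet, 1 if not, 2 on a bad rule.
rule_matches() {
    rule=$1 pkt_src=$2 pkt_dst=$3
    want_src= want_dst=
    set -- $rule                      # split the rule text into words
    while [ $# -gt 0 ]; do
        case $1 in
            -s|-d)
                [ $# -ge 2 ] || return 2      # option without its address
                if [ "$1" = -s ]; then want_src=$2; else want_dst=$2; fi
                shift ;;
        esac
        shift
    done
    # An omitted -s or -d matches any address; both fields must match.
    [ -z "$want_src" ] || [ "$want_src" = "$pkt_src" ] || return 1
    [ -z "$want_dst" ] || [ "$want_dst" = "$pkt_dst" ] || return 1
    return 0
}

# verdict: what the rule does to the packet (no match = falls through).
verdict() {
    if rule_matches "$1" "$2" "$3"; then echo DENY; else echo "no match"; fi
}

# The two rules from the thread.
ORIGINAL='ipchains -I input 1 -s sd.cache.nlanr.net -d sd.cache.nlanr.net -p all -j DENY'
CORRECTED='ipchains -I input 1 -s sd.cache.nlanr.net -d your.hostand.domain -p all -j DENY'

# Constructed packet: sent by the remote cache, addressed to the local box.
SRC=sd.cache.nlanr.net
DST=your.hostand.domain

echo "original rule:  $(verdict "$ORIGINAL" "$SRC" "$DST")"
echo "corrected rule: $(verdict "$CORRECTED" "$SRC" "$DST")"
```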