OK, firstly I need to know a few things because you were a little vague with
your description of the problems.

When you say you cannot ping any IP addresses outside the firewall, does this
mean you are trying to ping the address from a machine inside the firewall, or
from the machine that is directly connected to the internet? If you mean the
first option then chances are Masquerading isn't turned on. What's happening is
when you try to ping a host outside your network, you may see your modem flash
as the packets go out but you don't see flashing as packets come in... that's
because the external host has no way of contacting your machine inside your
firewall.

If your machine has the address 192.168.1.2 and you try to ping
www.hotmail.com then, as long as you have routing enabled on the
gateway/firewall, the gateway/firewall will send the ping request out on the
external interface but will maintain the source address as 192.168.1.2, and
because of this there's no way that external host can return the message back
to the originator unless masquerading is configured. Masquerading would simply
replace the source address with the address of the external interface of the
gateway. I know that's a little vague... sorry.

The other option is that your firewall may not even have forwarding
configured... this means that nothing from internal clients would be sent out
on the external interface, which could explain why you can't ping, telnet, or
FTP and possibly why you can't access your email server.

The second problem is that it looks like you may not have DNS configured
properly... I have no idea what errors your email server is generating but
maybe it's domain related, which might also explain why squid takes so long to
retrieve sites.

This may or may not work but try running

    /etc/rc.d/init.d/named start

I once had the same problem as you... squid taking ages to retrieve sites... I
started named and it worked fine. Another fix may be to double check your DNS
settings.

If you have a dialup internet account then you could possibly get away with
leaving your DNS settings blank; that way when your dialup connection is
established the settings will be retrieved from the dialup server.

You should also double check your ACL entries. This defines who is allowed to
use squid to surf the web, or download stuff, or whatever...
Basically it looks like:

    acl lan src 192.168.0.0/255.255.0.0
    http_access allow lan

What do you use this machine for? Why did you install RedHat 7.2? What did it
use to have installed? Maybe if it was working before and not now then you
overlooked something during the RedHat setup.

If it is quite simply a gateway/firewall and nothing much else then maybe you
should think about using something like E-smith (now known as SME), or
SmoothWall... it does all the firewall configuration for you, mail server
configuration, etc...
It's really quite good... I can supply a copy if you need.

Anyway, I hope this helps you understand a little better. I can't provide
immediate solutions to the problems partly because I don't know anywhere near
enough about what's actually happening, or what error codes you're getting, and
because I need to know more about your setup.

Best of luck
- [SLUG] Squid/Firewall Helpppppp (Please) Chrisj
- Chris Barnes
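
The two gateway faults described in the message above (forwarding not configured, or forwarding on but no masquerading), as an added example that is not part of the original message. It assumes the gateway uses iptables and that the external interface is ppp0; the function name `diagnose` and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the two gateway faults described in the message.
# Assumptions (not from the original post): the gateway uses iptables and
# the external interface is ppp0.

# diagnose IP_FORWARD_VALUE NAT_RULES EXT_IF
#   IP_FORWARD_VALUE  contents of /proc/sys/net/ipv4/ip_forward
#   NAT_RULES         output of `iptables -t nat -S POSTROUTING`
# Prints one of: forwarding-off, no-masquerade, ok
diagnose() {
    fwd=$1
    rules=$2
    ext_if=$3

    # Without forwarding, nothing from internal clients is relayed at all.
    if [ "$fwd" != "1" ]; then
        echo "forwarding-off"
        return 0
    fi

    # With forwarding but no source rewrite on the external interface,
    # packets leave with a private source address (e.g. 192.168.1.2) and
    # the external host cannot route its replies back.
    found=no
    while IFS= read -r rule; do
        case $rule in "-A POSTROUTING"*) ;; *) continue ;; esac
        case " $rule " in *" -o $ext_if "*) ;; *) continue ;; esac
        case " $rule " in
            *" -j MASQUERADE "*|*" -j SNAT "*) found=yes ;;
        esac
    done <<EOF
$rules
EOF
    if [ "$found" = yes ]; then echo "ok"; else echo "no-masquerade"; fi
}

# Constructed sample rule sets (not taken from any real gateway).
SAMPLE_POLICY_ONLY='-P POSTROUTING ACCEPT'
SAMPLE_MASQ='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE'

# Live check on the gateway itself (needs root): sh script.sh live [ext_if]
if [ "${1:-}" = "live" ]; then
    diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" \
             "$(iptables -t nat -S POSTROUTING)" "${2:-ppp0}"
fi
```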