[squid-users] Squid + poptop and iptables from kavos gabor on 2005-04-06 (squid-users)

From: kavos gabor <picard@dont-contact.us>
Date: Wed, 06 Apr 2005 13:20:38 +0500

Hi Squid list,

I am facing a strange problem here .. there is a box with 3 IPs.

1. 192.168.10.1 (common gateway)
2. 192.168.30.1/24 (assigned via dhcpd to 210 users on LAN)
3. 202.x.x.x (downlink ip)

If i put 192.168.10.1 ip pool assignment via dhcpd then all works fine. Squid is blocking 192.168.30.1 IP pool so that after vpn authentication via pptpd (poptop), users get 192.168.10.2/24 pool IPs and their browsing starts. But when i use 192.168.30.1/24 pool, it doesnt work at all. Let me paste the dhcpd and other conf here:

[root@cable root]# cat /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;

subnet 192.168.10.0 netmask 255.255.255.0 {
        server-name "x.x.net.hu";
        # --- default gateway
        option routers 192.168.10.1;
        option subnet-mask 255.255.255.0;
        # option nis-domain "x.x.net.hu";
        option domain-name "buraak.net.pk";
        option domain-name-servers 192.168.10.1;
        option time-offset -18000;
        range dynamic-bootp 192.168.10.16 192.168.10.254;
        default-lease-time 345600;
        max-lease-time 345600;
        }

[root@cable root]# service iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 192.168.10.0/24 anywhere tcp dpt:http redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.10.0/24 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

some squid conf---

acl mynet1 src 202.133.44.0/255.255.255.0
acl mynet2 src 192.168.10.0/255.255.255.0
acl mynet3 src 192.168.20.0/255.255.255.0
acl mynet4 src 192.168.30.4/255.255.255.0
acl vpnips src 10.0.0.0/255.255.255.255

http_access allow vpn
http_access allow mynet1
http_access allow mynet2
http_access allow mynet3
http_access deny mynet4

i would appreciate the solution with some examples in this scenatio. thanks.

regards,
KG

-- 
_______________________________________________
Graffiti.net free e-mail @ www.graffiti.net
Check out our value-added Premium features, such as a 1 GB mailbox for just US$9.95 per year!
Powered by Outblaze

Received on Wed Apr 06 2005 - 02:20:18 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT