List:       suse-security
Subject:    squid behind SuSEfirewall using an ADSL connection
From:       Volker Widlok <volker.widlok () verizon ! net>
Date:       2001-04-27 23:08:49

Hi,

I was running into the following trouble. First, a system description:
SuSE 7.1, kernel 2.2.18 (not recompiled), squid 2.3STABLE4, Ethernet to
DSL modem using pppoed,
Network devices: eth0 Intranet, eth1 - ppp0 Internet.
Everything works fine after starting up the system and connecting to my provider
using the "Internet Dial-In". Firewall and squid are coming up automatically at
boot time (controlled by rc.config) but the dialup itself is done manually
(using the icon at the bottom right in KDE2 after configuring ADSL with yast2).
My provider (Verizon) has no proxy, but two DNS servers. All entries are
done properly after dial-in (/etc/resolv.conf etc.).
So, when I disconnect, using this icon at the bottom right (or stopping the pppoe
service on the command line) and reconnect, I have no response from the internet
and I receive the following in my "/var/log/messages":

Apr 27 16:56:37 l7boston kernel: Packet log: input DENY ppp0 PROTO=17 
151.202.0.84:53 151.203.123.246:1077 L=246 S=0x00 I=48363 F=0x4000 T=248 
(#112)

The repeat interval is about 5 seconds.

Seems to be fine because my firewall works pretty well - too well.
So, I tried the following:
1. restarting squid -> everything works fine
2. When I cut the connection (without doing '1.') and edit my
"/etc/rc.config.d/firewall.rc.config", making the following adjustment:
FW_SERVICES_EXTERNAL_UDP="1077" (the port rejected by the firewall in the
messages file) and reconnect, everything works fine.
3. restarting squid after doing '2.' results in the following message

Apr 27 16:56:37 l7boston kernel: Packet log: input DENY ppp0 PROTO=17 
151.202.0.84:53 151.203.123.246:1078 L=246 S=0x00 I=48363 F=0x4000 T=248 
(#112)

Look at the port. This time it is 1078.

When I try command-line tools like nslookup, it works. I can change the browser
settings (Netscape or Konqueror) to direct internet connection and everything
works fine.

Who knows a solution, or is that a feature?

best regards (or also: kind regards)
Volker

--
volker.widlok@verizon.net
Peabody, MA 01960
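As an added diagnostic, not part of the original post: a small check over the ipchains "Packet log:" lines that counts DNS answers (UDP from port 53) denied on the input chain, grouped by the local port they were addressed to. The sample lines are constructed from the two entries in the post; the port moving from 1077 to 1078 after a squid restart is exactly what the summary flags, since a one-port exception in firewall.rc.config cannot follow it.

```python
import re
from collections import Counter

# ipchains "Packet log:" line shape from a 2.2 kernel, as seen in the post:
# chain verdict iface PROTO=n src:sport dst:dport ... (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<verdict>\w+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+).*?\(#(?P<rule>\d+)\)"
)

# Constructed sample: the two DENY lines from the post plus a TCP line and an
# unrelated message that the filter must ignore.
SAMPLE_LOG = [
    "Apr 27 16:56:37 l7boston kernel: Packet log: input DENY ppp0 PROTO=17 "
    "151.202.0.84:53 151.203.123.246:1077 L=246 S=0x00 I=48363 F=0x4000 T=248 (#112)",
    "Apr 27 17:02:10 l7boston kernel: Packet log: input DENY ppp0 PROTO=17 "
    "151.202.0.84:53 151.203.123.246:1078 L=246 S=0x00 I=48400 F=0x4000 T=248 (#112)",
    "Apr 27 17:02:15 l7boston kernel: Packet log: input DENY ppp0 PROTO=6 "
    "192.0.2.9:4444 151.203.123.246:23 L=60 S=0x00 I=1 F=0x4000 T=64 (#112)",
    "Apr 27 17:02:20 l7boston kernel: some unrelated message",
]

def parse_packet_log(line):
    """Return the packet log fields as a dict, or None for non-matching lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    return rec

def dropped_dns_replies(lines, resolvers=None):
    """Count denied inbound UDP packets from port 53, keyed by local port."""
    per_port = Counter()
    for line in lines:
        rec = parse_packet_log(line)
        if rec is None or rec["chain"] != "input" or rec["verdict"] not in ("DENY", "REJECT"):
            continue
        if rec["proto"] != 17 or rec["sport"] != 53:
            continue
        if resolvers and rec["src"] not in resolvers:  # e.g. the /etc/resolv.conf servers
            continue
        per_port[rec["dport"]] += 1
    return per_port

def summarize(lines, resolvers=None):
    """Several local ports means the resolver socket is not at a fixed port."""
    per_port = dropped_dns_replies(lines, resolvers)
    return {"ports": sorted(per_port), "drops": sum(per_port.values()),
            "single_port_rule_sufficient": len(per_port) == 1}
```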
