A Simple IP Chains rule question.

A Simple IP Chains rule question.

Post by Matt Darc » Mon, 25 Mar 2002 21:04:58



Hi groups.

I have a LAN setup like this.

1.) redhat linux 7.0 server running IP Chains. On this server there are 2
network cards, one connected to the internet with the IP address
217.34.194.x and one on the internal LAN with the IP address 10.11.216.x

I am also running squid for http proxy.

When my windows clients on the 10.11.216.x lan connect to chat.yahoo.co.uk I
get the webpage up and the login goes ok, but as the browser is loading the
chat room I get the error

Unable to connect to server try again in a few minutes.
The browser URL says
http://uk.chat.yahoo.com/?mesg=%3Cli%3EAn+error+occurred+when+the+app...
+communicating+with+the+chat+server.+Please+try+again+sometime+later.+%28con
nect%29

My IP Chains rules look like this

-A forward -s 10.11.216.0/24 -j MASQ
-A input -s 62.30.91.102/24 -d 0/0 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 62.30.91.102/24 -p tcp -y -j ACCEPT

What rule do I have to add to allow my 10.11.216.x clients to connect ???

Thanks,

Matt.

 
 
 

A Simple IP Chains rule question.

Post by walter hoolwe » Tue, 26 Mar 2002 05:27:32



> When my windows clients on the 10.11.216.x lan connect to chat.yahoo.co.uk I
> get the webpage up and the login goes ok, but as the browser is loading the
> chat room I get the error

> Unable to connect to server try again in a few minutes.
> The browser URL says
> http://uk.chat.yahoo.com/?mesg=%3Cli%3EAn+error+occurred+when+the+app...
> +communicating+with+the+chat+server.+Please+try+again+sometime+later.+%28con
> nect%29

> My IP Chains rules look like this

> -A forward -s 10.11.216.0/24 -j MASQ
> -A input -s 62.30.91.102/24 -d 0/0 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 62.30.91.102/24 -p tcp -y -j ACCEPT

> What rule do I have to add to allow my 10.11.216.x clients to connect ???

I don't think this is a rule, you have to add, but maybe you need to
load an extra module, probably the IRC module.

have a look at the masq howto at www.linuxdoc.org. The have an example
script. If you'd use that, all the nessesary modules get loaded
automatically, or you can just take a look, and copy and paste the
right module.

Good luck 2 you.

Regards, Walto.

---

msn:   ^^^^^^^^^^^^^

sysop en webmaster of:
       http://jacq.mine.nu

 
 
 

A Simple IP Chains rule question.

Post by dp » Tue, 26 Mar 2002 09:09:06


http://uk.chat.yahoo.com/?mesg=%3Cli%3EAn+error+occurred+when+the+app...
+communicating+with+the+chat+server.+Please+try+again+sometime+later.+%28con

Quote:>> nect%29

>> What rule do I have to add to allow my 10.11.216.x clients to connect ???

> I don't think this is a rule, you have to add, but maybe you need to
> load an extra module, probably the IRC module.

or install a SOCKS proxy daemon (like danted)

--
dp * choma co.
http://tokmindegy.mine.nu
http://www.roons.dyndns.org
linux kernel 2.4.19-pre3-ac6