help... proxy, cannot ping to Windows

[r_balest]

guys please help

this is the condition:

 

I built a Linux proxy server using Squid. I had 2 LAN Cards on it. the first one, connected to Switch [Local Area, IP 192.168.9.213]. the second one, connected to ADSL Modem, IP 192.168.254.2]

Now I can ping out from Linux to Windows XP Client [segment 192.168.9.xx] BUT I cannot ping from Windows to Linux...therefore, if I enter IP 192.168.9.213 as my proxy server at windows client, it won't connect to the Internet...

I have started samba service, though I don't know how to configure my firewall. do I configure the shorewall?

 

here's the network config for the first network card [Local Area]

IP : 192.168.9.213

Mask : 255.255.255.0

Gateway: -

 

[ADSL] - Second network card

IP : 192.168.254.2

Mask : 255.255.255.0

Gateway: 192.168.254.254

[michaelcole]

When you set up the proxy settings on the windows machine did you tell it the correct port.

 

The two computers seem to be actually communicating or the ping from the linux would not work.

 

Reason ping does not work the other way is that ping responses are most likely disabled by the standard firewall settings.

 

To configure Shorewall you will find half the files in /etc/shorewall/

 

some reference files in another directory i cannot think of it right now.

 

But you will see this in the files in that directory.

 

3127 or 3128 is the default port for squid i think.

 

If you are not sure first turn off the shorewall type as the root user

shorewall stop

 

then test then restart it again.

shorewall start

[r_balest]

@michael: thanks for the reply...

but I have even removed the shorewall service but stiill i couldn't ping from windows box to linux...

the logic is, if i can't even ping my linux box, then the proxy wont work right? now i have to do something so that windows box can recognize the linux network somehow...

[michaelcole]

if you are getting a reply from the Windows machine when you do a ping.. then the windows machine can find the server..

 

The other thing you may want to do is add a gateway to the windows box which is the internal ip address of the linux ( gateway- firewall - proxy ) machine.

 

Can you surf the web from the linux machine right now.

 

the other thing is you may not be able to surf as the windows machine cannot find the DNS record try an external IP address. such as 64.236.16.20 (www.cnn.com)

[r_balest]

no, i get a "Request time out" everytime i ping .

And I can browse to the internet from my Linux box without entering proxy or anything like that...

[michaelcole]

In your first comment you said you could ping to the WinXP box is that correct?

 

Check your gateway settings on the XP box and disable the XP firewall settings for the moment..

 

The gateway should be 192.168.9.213

 

On the linux box as root type

 

mcc

 

go to the networking icon and select share the internet connection with other local machines.

 

It should install any files you need and configure the settings for you after you go through the options.

 

then you should be able to from the XP machine ping an external IP address eg the CNN one i gave above.

 

and also surf the internet (With and without the squid proxy setting.)

 

you can then lock down surfing using the firewall so it all has to go through the Proxy.

 

try this... It worked for me in my other office.

[ianw1974]

If Linux is managing the connection, you don't need to use internet connection sharing in Windows XP. So don't attempt to share the connection on your XP boxes.

 

It's strange that you can't ping it. If they are in the same IP range/subnet, then they should work. Check your ip settings.

[r_balest]

hmm... michael and ian: believe it or not

I tried clicking the internet share connection on my LINUX box...and it worked...

i wonder... should i do this EVERYTIME?

 

o yeah: a bit off topic here: how do i turn off Kat Desktop Search Environment... it's bugging me... thanks guys...

[ianw1974]

The easiest and best way is:

 

urpme kat

 

it's a complete waste of time and best to remove.

 

If you've done the connection sharing in Linux, it should then allow you to work with this each and every time the system is restarted, or are you having problems with this and have to run it each time?

[r_balest]

no, i haven't restarted my linux box yet... too scared to restart it. i'm afraid it won't work anymore :P

btw, i wanna ask something

i have a client [windows xp] and she's downloading using bittorrent client [bitcomet] but i saw in the /var/log/squid/access.log

it's written:

 

1159565630.084 1 192.168.9.46 TCP_DENIED/403 1350 CONNECT tracker.prq.to:80 - NONE/- text/html

 

now, what should i do? please help...coz my boss want her to be able to download from torrent...

on the bitcomet i set the preference: proxy: 192.168.9.213 [my linux box] port 80, listen port : 9695

 

thanks a lot guys

[ianw1974]

You'd have to configure squid to allow the port through. Is the torrent downloading fine though?

[r_balest]

:) no, currently, she can't download a thing and i'm the one who get scolded if she can't download anything...:)

 

where should i allow the port, ian?

thanks

 

edit: umm...seemed that I didn't backup the original squid configuration...

can somebody please send it to me, the squid original configuration...

Thanks...

Edited November 8, 2006 by r_balest

[ianw1974]

With squid, you need to set access rules and stuff, you can look at /etc/squid/squid.conf and then look for http_access entries lower down the file from the middle down. Above this are access control lists that usually start:

 

acl name_of_list parameters

 

then you set a http_access for this acl to allow, and for what machines, etc.

[r_balest]

but how do i enter the port number 9596, ian?

can you please post the configuration here and if u can, please direct me to the original squid configuration file.

thanks

[ianw1974]

I'll have to take a look to remind myself, I'll post back shortly.