DNS is already accepted on my shorewall rules file, here is the complete
file, I don't know why I didn't post it complete earlier.

#############################################################################################################
#ACTION        SOURCE    DEST    PROTO    DEST    SOURCE     ORIGINAL    RATE     USER/    MARK
#                                         PORT    PORT(S)    DEST        LIMIT    GROUP
#
#    Accept DNS connections from the firewall to the network
#
DNS(ACCEPT)    $FW        net
#
#    Accept SSH connections from the local network for administration
#
SSH(ACCEPT)    loc        $FW
#
#    Allow Ping from the local network
#
Ping(ACCEPT)    loc        $FW

#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#

Ping(DROP)    net        $FW

REDIRECT    loc        3128        tcp        www        -
ACCEPT        $FW        net        tcp        www
ACCEPT        $FW        loc        icmp
ACCEPT        $FW        net        icmp
#################################################

As you can see, DNS is already there also. Any other tips?

@nikolay: Really? More complicated than iptables? I find it easy to
configure access rules here, the only problem I have had is this one. With
iptables I tried to get the transparent proxy working but couldn't (I got the
full command and ran it, it didn't do anything). I tried with the following
commands:


iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

eth0 is my LAN and eth1 is connected to the internet. IP address is just for
the example, my internal network uses a different range than that one.

I would really like to get this working but I have no idea what's wrong. This
kind of issue, I'm sure, is one of those wtf problems that can be solved with
a simple solution.

Hope it helps and thanks again.



2011/4/5 Николай Федосов <nikolay.fedo...@gmail.com>

> My proposal is to change the order of your rules...
>
> But the true way is to: apt-get purge shorewall (it is very complicated,
> more complicated than iptables)
>
> 05.04.2011 13:29, Diego Xirinachs wrote:
>
> >> My /etc/shorewall/rules are setup with this ACCEPT and REDIRECT rules:
> >>
> >> #ACTION   SOURCE     DEST     PROTO    DEST PORT(S)     SOURCE     ORIGINAL
> >> #                                                       PORT(S)    DEST
> >> REDIRECT  loc        3128     tcp      www              -
> >>
> >> ACCEPT    $FW        net      tcp      www
>
>

> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



-- 
X1R1