[Ilugc] Problem in DNAT & Squid & DNS connectivity
- From: metturmohan2009@xxxxxxxxx (mettur salem)
- Date: Tue Sep 8 17:43:49 2009
Dear All,
Thanks to Mohan Sundaram for the support.
From Server Side,
1. Yes, ping works continuously with the external static IP
2. I put DNS on the server, but DNS is having a problem: able to ping from the server
itself but not from clients
( I gave a static DNS server IP in the resolv.conf file, then name
resolution is working; google.com, yahoo.com generally work well )
3. From the server side everything works well
From Client Side
1. Able to browse via squid ( but for a limited time only, then error states such as
Connection time out, Network time out; at the same time I check on the server and
everything works well, i.e. browsing )
Sometimes the client machine is not able to ping the server IPs ( for a limited time
only ); while the server is activated as a router, able to ping static IPs like
google, yahoo from clients,
2. Not able to send mails via Outlook
3. 10 minutes or 8 minutes automatically not able to connect with server
IPs
4. yahoo, google, gmail are not able to be pinged from the client side
5. Here I attached the output of the iptables information
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.16.2.2:8080
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
5 DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Note:
My requirement is that all Windows machines get Internet, Remote Desktop,
TeamViewer, Skype via linux only; linux is the ruler.
I am not using any domain-based login from the client side ( this is a
later implementation ).
Expecting your positive suggestions,
with Regards,
Mettur Mohan
09715407268
On Mon, Sep 7, 2009 at 10:58 PM, mettur salem<metturmohan2009@xxxxxxxxx> wrote:
> 1. Still I have a problem in internet connectivity ( network connection
> timeout; internet is via squid proxy server )
> 2. So I stopped the firewall; now no net connectivity problem, but Remote
> Desktop connection is not able to be done from the Windows PC ( i.e., (not able)
> packets are moved to reach the linux server and going outside )

Turning off the firewall is not the solution. Configure the firewall
to allow outgoing HTTP/HTTPS connections. So also SMTP/POP3.

> 3. Outlook mails are not able to be delivered. I installed the proxy address
> ( smtp mail.parveen.com , pop3 mail.parveen.com )
> 4. So I put DNS on the server and checked; still I am not able to send and
> receive the Outlook mails via the linux server
> 5. I checked the squid log files; no packets regarding the mail
> information, only web caching is working well via squid proxy

Squid is not a SMTP/POP proxy and so you will not see that.
Furthermore, you are only doing a redirect for HTTP to squid. How
would SMTP or POP go thro' a proxy (if installed) for those protocols?

> I expect your valuable suggestion. I thank all, especially arun sag; his
> mail in burntomlete in squid is super, thanks ( I like load balancing but
> now I am not moving there, still I have a problem )

You'll need to go thro' this resolution in a systematic manner. Stop,
resolve a step and then proceed.
1. Check if server's internet connection is working properly. Can be
verified by pinging an external IP.
2. Check if name resolution works properly on the server. Can be
verified by pinging a name like yahoo.com.
3. Check if firewall allows HTTP(s)/POP(s)/SMTP(s)/RDP by trying the
browser, RDP client and mail client like Thunderbird on the server.
This clears the server side. Next, let's come to the client.
1. Ping the server IP and check it is reachable. Am assuming that
machine is also configured as your gateway.
2. Try nslookup to see if names get resolved. If not, check your DNS
client config. If you are using the server as your client's DNS
server, check the DNS server configuration on this step's failure.
3. Try pinging yahoo.com. If it does not work, check SNAT
configuration on server.
4. Am assuming your transparent proxy works well as you've stated that
browsing works.
5. Now check the mail client on the LAN client. Configure the external
mail server names for SMTP and POP. Make sure you have the relevant
auth settings turned on.
-- Mohan Sundaram
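
Added example, not part of the original posts: a small awk audit over the nat PREROUTING and filter INPUT chains from the listing above, reporting rules that an earlier terminating rule with the same or a broader visible match already catches. The function names are made up here, and because this listing format does not show interface matches, each finding is only a candidate to confirm with `iptables -L -n -v`.

```shell
#!/bin/sh
# Added example: flag rules that an earlier rule in the same chain already
# catches, reading the layout shown in the post.

# Constructed sample: two chains copied from the post, wrapped lines rejoined.
sample_listing() {
cat <<'EOF'
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.16.2.2:8080
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
5 DROP all -- 0.0.0.0/0 0.0.0.0/0
EOF
}

audit_rules() {
  awk '
    /^Table:/ { table = $2; next }
    /^Chain/  { chain = $2; n = 0; next }
    $1 !~ /^[0-9]+$/ { next }          # skip column headers
    {
      # Visible match: protocol, source, destination, dpt: and state options.
      m = $3 " " $5 " " $6
      for (i = 7; i <= NF; i++) {
        if ($i ~ /^dpt:/) m = m " " $i
        if ($i == "state") m = m " state " $(i + 1)
      }
      # Shadowed if an earlier terminating rule has the same visible match
      # or matches every protocol from anywhere to anywhere.
      for (j = 1; j <= n; j++) {
        if (seen[j] == m || seen[j] == "all 0.0.0.0/0 0.0.0.0/0") {
          printf "%s/%s rule %s (%s) is shadowed by rule %s\n", table, chain, $1, $2, num[j]
          break
        }
      }
      # Only terminating targets stop traversal; LOG does not.
      if ($2 ~ /^(ACCEPT|DROP|REJECT|DNAT|REDIRECT|SNAT|MASQUERADE)$/) { n++; seen[n] = m; num[n] = $1 }
    }'
}

sample_listing | audit_rules
```

On the sample it reports the REDIRECT rule behind the DNAT rule for port 80, and every INPUT rule after the first unconditional ACCEPT, including the final DROP.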