Topic: please help - no internet access to LAN PC's

[SoftDux]

Hi all,

I have installed Dansguardian, which worked for a few days, but after a while I noticed that internet access in general was very slow. So I though I'd uninstall it, but it seems I've totally fscked up the server.

Now, no PC on the network can access the internet. I can't even ping a site / IP on the internet from one of the networked PC's.

I've reset the server to server only mode, and then back to private server & gateway mode, but still no luck.

Can someone please tell me how I can reset the network settings, without reinstalling the server?

[Stefano]

Softdux: from the number of your posts I guess you are not a SME newbie and, of course, a forum newbie..

so.. how do you think we can help you if you don't give any details?

can you ping any site form SME?
did you change anything related to iptables?
why did you uninstall dansguardian without trying to diagnosethe problem?

not to be rude, but if you describe yourself as "The Leaders in Software & Networking" I expect a more professional attitude from you.

Ciao
Stefano

[SoftDux]

What is interesting, is that from the server I can ping any host on the internet, but I can't access that website using lynx / links.

I also can't ping any IP on the internet from any PC on the LAN, even though I have reset the server into Private Server & Gateway mode. So, though I want to think it's a firewall issue, I'm not quite sure.

[SoftDux]

Hi stefano,

As your message says, build a system that only a fool can use

No offence, but there are a lot of internal code of SME that I don't like playing with, for various reasons. I don't have the time to try and debug the dansguardian problem and since it's something I've never used before I'd rather remove it. But, now I'm sitting with a "big white elephant". Ideally I would prefer to fix the problem without reinstalling the server (there's about 450GB's worth of data which I can't move anywhere right now). I'm between offices and this one is in a doctor's practice, where I don't spend a lot of time.

I didn't change the firewall, I purely uninstalled dansguardian (there isn't any official way of doing it, so I did rpm -e dansguardian). But this left me with worse problems.

[Stefano]

I didn't change the firewall, I purely uninstalled dansguardian (there isn't any official way of doing it, so I did rpm -e dansguardian). But this left me with worse problems.

maybe you mean

Code: [Select]

rpm -e smeserver-dansguardian
?

what's the output of

Code: [Select]

rpm -qa | grep dans
?

HTH
Ciao
Stefano

[SoftDux]

Yes, sorry.

root@intranet:[~]$ rpm -qa | grep dans
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature

Here's something else which is also interesting:

root@intranet:[~]$ /etc/rc.d/init.d/masq restart

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done

So, how do I fix that? I don't know if this is the case, but I think that could be the problem?

[CharlieBrady]

I have installed Dansguardian ...

Off-topic for this forum.

[janet]

SoftDux

As indicated in another post you would also need to do
rpm -e smeserver-dansguardian
as well as doing
rpm -e dansguardian
and then you would also need to undo any db commands or setting changes made in relation to configuring Dansguardian on that server.
Read the Wiki Contrib article for details of reverting settings back to standard
http://wiki.contribs.org/Dansguardian
and in particular I'm thinking of
http://wiki.contribs.org/Dansguardian#Modifying_Firewall_and_Proxy

and of course any other tweaking you did that you have not told us about.

[chris burnat]

Moving to Contribution section where it is more appropriate.

[SoftDux]

Off-topic for this forum.

I don't understand what you mean?

[SoftDux]

SoftDux

As indicated in another post you would also need to do
rpm -e smeserver-dansguardian
as well as doing
rpm -e dansguardian
and then you would also need to undo any db commands or setting changes made in relation to configuring Dansguardian on that server.
Read the Wiki Contrin article for details of reverting settings back to standard
http://wiki.contribs.org/Dansguardian
and in particular I'm thinking of
http://wiki.contribs.org/Dansguardian#Modifying_Firewall_and_Proxy

and of course any other tweaking you did that you have not told us about.

Hi mary,

Yes, I've uninstalled both dansguardian & smeserver-dansguardian using rpm (as I couldn't find any other documented way of removing them). I also went ahead and undid any db commands performed, but it still doesn't help.

Did you see the error I posted above, about the modules missing when trying to run masq manually? I do have a feeling, looking at what works and doesn't work, that masqurading isn't working. But the question is, how do I fix the masqurading part?

[janet]

SoftDux

I've reset the server to server only mode, and then back to private server & gateway mode, but still no luck.

Perhaps change your server back to gateway server mode, which I assume was the mode it was originally in.
I don't know why you thought changing modes was going to achieve a fix to your problem, seems an odd way to troubleshoot.

[janet]

SoftDux

What does this show ?
/etc/init.d/masq status

[SoftDux]

SoftDux

Perhaps change your server back to gateway server mode, which I assume was the mode it was originally in.
I don't know why you thought changing modes was going to achieve a fix to your problem, seems an odd way to troubleshoot.

Well, for one I thought that changing it from gateway mode to server only mode, and back again would restore all the masquarading & filewall rules to it's default state. But you're right, it doesn't fix the problem though. I can change between gateway & server mode as many times as I like and it doesn't help

[SoftDux]

SoftDux

What does this show ?
/etc/init.d/masq status

Here's the full list:

Aroot@intranet:[~]$ /etc/init.d/masq status
Table: filter
Chain INPUT (policy DROP)
target     prot opt source               destination
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
local_chk  all  --  0.0.0.0/0            0.0.0.0/0
PPPconn    all  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  224.0.0.0/4          0.0.0.0/0
denylog    all  --  0.0.0.0/0            224.0.0.0/4
DROP       all  --  89.123.129.102       0.0.0.0/0
DROP       all  --  89.123.129.102       0.0.0.0/0
InboundICMP  icmp --  0.0.0.0/0            0.0.0.0/0
denylog    icmp --  0.0.0.0/0            0.0.0.0/0
InboundTCP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x0                                           2
denylog    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02                                           
InboundUDP  udp  --  0.0.0.0/0            0.0.0.0/0
denylog    udp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spts:67:68
gre-in     47   --  0.0.0.0/0            0.0.0.0/0
denylog    47   --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
local_chk  all  --  0.0.0.0/0            0.0.0.0/0
ForwardedTCP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0                                           x02
ForwardedUDP  udp  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PPPconn    all  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  224.0.0.0/4          0.0.0.0/0
denylog    all  --  0.0.0.0/0            224.0.0.0/4
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain ForwardedTCP (1 references)
target     prot opt source               destination
ForwardedTCP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02                                           

Chain ForwardedTCP_5994 (1 references)
target     prot opt source               destination

Chain ForwardedUDP (1 references)
target     prot opt source               destination
ForwardedUDP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    udp  --  0.0.0.0/0            0.0.0.0/0

Chain ForwardedUDP_5994 (1 references)
target     prot opt source               destination

Chain InboundICMP (1 references)
target     prot opt source               destination
InboundICMP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    icmp --  0.0.0.0/0            0.0.0.0/0

Chain InboundICMP_5994 (1 references)
target     prot opt source               destination
denylog    icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 12
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain InboundTCP (1 references)
target     prot opt source               destination
InboundTCP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02                                           

Chain InboundTCP_5994 (1 references)
target     prot opt source               destination
denylog    all  --  0.0.0.0/0           !192.168.1.1
REJECT     tcp  --  0.0.0.0/0            192.168.1.1         tcp dpt:113 reject-                                           with tcp-reset
denylog    tcp  --  89.123.129.102       192.168.1.1         tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.1         tcp dpt:3000
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.1         tcp dpt:1723

Chain InboundUDP (1 references)
target     prot opt source               destination
InboundUDP_5994  all  --  0.0.0.0/0            0.0.0.0/0
denylog    udp  --  0.0.0.0/0            0.0.0.0/0

Chain InboundUDP_5994 (1 references)
target     prot opt source               destination
denylog    all  --  0.0.0.0/0           !192.168.1.1

Chain PPPconn (2 references)
target     prot opt source               destination
PPPconn_1  all  --  0.0.0.0/0            0.0.0.0/0

Chain PPPconn_1 (1 references)
target     prot opt source               destination

Chain denylog (21 references)
target     prot opt source               destination
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:520
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:137:139
ULOG       all  --  0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 n                                           lgroup 1 prefix `denylog:' queue_threshold 1
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain gre-in (1 references)
target     prot opt source               destination
denylog    all  --  0.0.0.0/0           !192.168.1.1
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain local_chk (2 references)
target     prot opt source               destination
local_chk_5994  all  --  0.0.0.0/0            0.0.0.0/0

Chain local_chk_5994 (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  192.168.10.0/24      0.0.0.0/0

Chain state_chk (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTAB                                           LISHED
Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Table: mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

[SoftDux]

Oh, and before I forget,

my internal LAN is 192.168.10.0/24 & external is 192.168.1.0/24

[chris burnat]

I don't understand what you mean?

I will save Charlie some of his time and reply on his behalf.  You had originally posted in the SME7.x forum.  This forum is dedicated (strictly) to issues, questions (etc) about the core packages making SME - what you have on the CD if you wish. The minute you install a package not included in the distribution, i.e. Dans, you should post into the sme7.x Contribs section.  No worries, I moved your topic, all is well.

[Knuddi]

Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:

Code: [Select]

config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks

Does it still exist?

[Knuddi]

Another suggestion... You didn't configure (force) all the clients to use a proxy as suggested on the wiki and now the proxy is disabled??

[SoftDux]

I will save Charlie some of his time and reply on his behalf.  You had originally posted in the SME7.x forum.  This forum is dedicated (strictly) to issues, questions (etc) about the core packages making SME - what you have on the CD if you wish. The minute you install a package not included in the distribution, i.e. Dans, you should post into the sme7.x Contribs section.  No worries, I moved your topic, all is well.

Thanx Chris,

I thought that since I removed Dansguardian and I want to fix the SME problem, without DansGuardian installed that it would have been fine in the SME forum

[SoftDux]

Another suggestion... You didn't configure (force) all the clients to use a proxy as suggested on the wiki and now the proxy is disabled??

Hi,

No, for simplicity reasons I didn't specify any proxy settings on the clients and relied on the transparent proxy setup.

But as I said, I don't think this is a problem with the proxy. No internet access (i.e. web / email / ftp / ping / remote desktop / etc) is working from any of the LAN PC's, and it seems like a routing / masquerading problem. I did reconfigure the server to server only more, rebooted, and then reconfigured it back to gateway mode, hoping it would fix the IP masquerading problem, but it didn't. When I manually start / restart masq (service restart masq), I get the following error:

root@intranet:[~]$ /etc/rc.d/init.d/masq restart

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done

So, somewhere it's missing some firewall / ip masquerading / ip forwarding rules, but I don't know which or where.

[SoftDux]

Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:

Code: [Select]

config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks

Does it still exist?

Unfortunately I can't SSH into the server from the office right now, but I'll go over to the client again a bit later today and try your suggestions. Thanx

[CharlieBrady]

I don't understand what you mean?

The subject of the SME Server 7.x forum is:

 Discussion of the use of *ONLY* the components and features included on the SME
 Server 7.x CD.

As soon as you mention "dansguardian" your post is off-topic for the SME Server 7.x forum.

I don't think I can make it any clearer than that.

[SoftDux]

Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:

Code: [Select]

config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks

Does it still exist?

Sadly this didn't work either

[Knuddi]

Maybe the templates are messed up. Does:

expand-template /etc/rc.d/init.d/masq

Give any errors (or any output)?

[SoftDux]

Maybe the templates are messed up.

That's what I'm thinking as well, but I don't know how to fix the corrupted template. And it seems like changing from gateway mode, to server move, back to gateway mode doesn't fix the template either.

 Does:

expand-template /etc/rc.d/init.d/masq

Give any errors (or any output)?

I get no error, nor any output. Is it supposed to give output?

root@intranet:[~]$ expand-template /etc/rc.d/init.d/masq
root@intranet:[~]$

[janet]

SoftDux

You have said:

I can't even ping a site / IP on the internet from one of the networked PC's....
I also can't ping any IP on the internet from any PC on the LAN...
No internet access (i.e. web / email / ftp / ping / remote desktop / etc) is working from any of the LAN PC's

This seems more like basic networking issues.
Are the server and workstations on the same workgroup and/or domain name ?
Are they also on the same network address range ie 192.168.10.xx

Can workstations ping the server ?

What is your network arrangement ?

Are the workstations set to auto detect the DHCP server and WINS server etc Are the workstations correctly setup to use sme server as the gateway

On a workstation, what does this show (from a DOS prompt) ?
ipconfig /all

[janet]

Knuddi & SoftDux

config setprop squid Transparent no
signal-event post-upgrade; signal-event reboot

That is incorrect.
It should be:

To return Transparent Proxy port to default value and to disable portblocking and to enable the Transparent proxy (which is the sme default)

config setprop squid TransparentPort 3128
config setprop squid Transparent yes
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot


Note that the sme server default setting for transparent proxy is yes, as determined by the base code/templates when there is no actual db entry for the squid Transparent setting.

So if you wish to have a db setting then it should be yes rather than no

Doing
config delprop squid Transparent
signal-event post-upgrade; signal-event reboot

will achieve the same result ie Transparent proxy is enabled (=yes) due to the default template behaviour


Ray has fixed the wiki article

[mazkot]

Hi,

I experienced this problem sometimes. what i usually do is just restart the server and the switches.
7.4 (but this server has been updated from 7.1)
Server-gateway mode
DHCP
Dansguardian
Proxy

for unknown reason or i just don't know where to look there are times that there is some kind of bottleneck in the connection. And restarting the server and switches fixes it.

[SoftDux]

SoftDux

You have said:

This seems more like basic networking issues.
Are the server and workstations on the same workgroup and/or domain name ?
Are they also on the same network address range ie 192.168.10.xx

Can workstations ping the server ?

What is your network arrangement ?

Are the workstations set to auto detect the DHCP server and WINS server etc Are the workstations correctly setup to use sme server as the gateway

On a workstation, what does this show (from a DOS prompt) ?
ipconfig /all

Hi Mary, I realize you are trying to help, but you're looking past the problem. It's not a transparent proxy problem, nor is a it a basic network problem.


The problem lies with the IP masquerading template, which doesn't load at all.

As I said, when I load masq manually, I get the following error:

/sbin/e-smith/config setprop masq Stealth yes
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

If IP masquerading doesn't work, then no networking functions between computers on the LAN and the internet will function. I want to know how to fix this particular script so that it loads without an error. Does anyone know how to fix this particular problem? Forget about Transparent Proxy. Email doesn't work, FTP doesn't work, SSH doesn't work, Remote Desktop / VNC doesn't work, in fact, every internet related service doesn't work.

[SoftDux]

Knuddi & SoftDux

That is incorrect.
It should be:

To return Transparent Proxy port to default value and to disable portblocking and to enable the Transparent proxy (which is the sme default)

config setprop squid TransparentPort 3128
config setprop squid Transparent yes
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot


Note that the sme server default setting for transparent proxy is yes, as determined by the base code/templates when there is no actual db entry for the squid Transparent setting.

So if you wish to have a db setting then it should be yes rather than no

Doing
config delprop squid Transparent
signal-event post-upgrade; signal-event reboot

will achieve the same result ie Transparent proxy is enabled (=yes) due to the default template behaviour


Ray has fixed the wiki article

Mary, this isn't a problem with the transparent proxy, it's a problem with internet access to all services. Please see my previous replies as to where the problem lies. I just don't know how to fix it. And by reconfiguring the server between server & gateway mode doesn't fix it either.

How do I reset the masq template to default?

[janet]

SoftDux

Re Transparent proxy, I was correcting Knuddi's advice.

If you follow sme concepts then you would delete any masq custom templates, expand & restart.

If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.

[SoftDux]

SoftDux

Re Transparent proxy, I was correcting Knuddi's advice.

If you follow sme concepts then you would delete any masq custom templates, expand & restart.

If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.

Mary,you make it sound like I did this on purpose, and that I'm 12years old! Thank you for your advice, I'll just format it.

[janet]

SoftDux

Mary,you make it sound like I did this on purpose, and that I'm 12years old!

Oh dear oh me, another touchy customer !

[SoftDux]

If you follow sme concepts then you would delete any masq custom templates, expand & restart.

Would you mind telling me which template to delete. I don't like doing this, but if it could fix the problem, it's worth a try.

If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.


I only have one SME, and even if I had another one, I don't know which files to compare...

[Stefano]

please, post the result of

Code: [Select]

/sbin/e-smith/audittools/templates

thank you
Ciao
Stefano

[janet]

SoftDux

/sbin/e-smith/audittools/templates

will show you any additional custom templates.

For masq custom templates look in
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq

Move them to a safe location rather than deleting them
ie
mkdir -p /temp
move the custom templates
and then do
signal-event post-upgrade
signal-event reboot

[CharlieBrady]

So, somewhere it's missing some firewall / ip masquerading / ip forwarding rules, but I don't know which or where.

You can find out by doing:

sh -x /etc/rc.d/init.d/masq stop
sh -x /etc/rc.d/init.d/masq start

The problem lies with the IP masquerading template, which doesn't load at all.

Really? What makes you so sure? What exactly do you mean by "doesn't load at all"?

[CharlieBrady]

my internal LAN is 192.168.10.0/24 & external is 192.168.1.0/24

192.168.1.x isn't a valid Internet address. What do you have between your server and the Internet? Are you certain that it is configured and functioning correctly?

[SoftDux]

please, post the result of

Code: [Select]

/sbin/e-smith/audittools/templates

thank you
Ciao
Stefano

Hi Stefano,

Here's the output:

root@intranet:[~]$ /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/hosts.allow/sshd: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustTransProxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/lib/pgsql/data/pg_hba.conf: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/lib/pgsql/data/postgresql.conf: MANUALLY_ADDED, ADDITION

What do I need to look for?

[SoftDux]

You can find out by doing:

sh -x /etc/rc.d/init.d/masq stop
sh -x /etc/rc.d/init.d/masq start

Really? What makes you so sure? What exactly do you mean by "doesn't load at all"?

CharlieBrady,

I get the following error when manually starting masq:

root@intranet:[~]$ /etc/rc.d/init.d/masq restart

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done

That doesn't look like normal behavior to me. Is it normal?

[SoftDux]

192.168.1.x isn't a valid Internet address. What do you have between your server and the Internet? Are you certain that it is configured and functioning correctly?

When you set SME Server in gateway mode, it configures 2 interfaces, internal & external. My internal LAN was setup to use 192.168.10.0/24 & external is 192.168.1.0/24.

I have an ADSL modem which can't be bridged (due to it's VIOP capabilities) which is on 192.168.1.254

[CharlieBrady]

I get the following error when manually starting masq:

That doesn't look like normal behavior to me. Is it normal?

I don't know why I am bothering to try to help you. I told you exactly what you need to do to debug the issue you are seeing, and you do something different.

If you know better than me, then fix the problem yourself.

You should start by deleting your masq custom templates. They are the most likely cause of your problem.

[CharlieBrady]

When you set SME Server in gateway mode, it configures 2 interfaces, internal & external.

Really? I didn't know that.

My internal LAN was setup to use 192.168.10.0/24 & external is 192.168.1.0/24.

I have an ADSL modem which can't be bridged (due to it's VIOP capabilities) which is on 192.168.1.254

Clearly it is not just a modem - it is a router as well.

[janet]

SoftDux

You should start by deleting your masq custom templates. They are the most likely cause of your problem.

Which is what I already said back in post #36
http://forums.contribs.org/index.php?topic=44002.msg210993#msg210993

If you cannot work it out for yourself then these are the ones:

/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustTransProxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy: MANUALLY_ADDED, OVERRIDE