Topic: please help - no internet access to LAN PC's

[SoftDux]

Knuddi & SoftDux

That is incorrect.
It should be:

To return Transparent Proxy port to default value and to disable portblocking and to enable the Transparent proxy (which is the sme default)

config setprop squid TransparentPort 3128
config setprop squid Transparent yes
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot


Note that the sme server default setting for transparent proxy is yes, as determined by the base code/templates when there is no actual db entry for the squid Transparent setting.

So if you wish to have a db setting then it should be yes rather than no

Doing
config delprop squid Transparent
signal-event post-upgrade; signal-event reboot

will achieve the same result ie Transparent proxy is enabled (=yes) due to the default template behaviour


Ray has fixed the wiki article

Mary, this isn't a problem with the transparent proxy, it's a problem with internet access to all services. Please see my previous replies as to where the problem lies. I just don't know how to fix it. And by reconfiguring the server between server & gateway mode doesn't fix it either.

How do I reset the masq template to default?

[janet]

SoftDux

Re Transparent proxy, I was correcting Knuddi's advice.

If you follow sme concepts then you would delete any masq custom templates, expand & restart.

If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.

[SoftDux]

SoftDux

Re Transparent proxy, I was correcting Knuddi's advice.

If you follow sme concepts then you would delete any masq custom templates, expand & restart.

If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.

Mary,you make it sound like I did this on purpose, and that I'm 12years old! Thank you for your advice, I'll just format it.

[janet]

SoftDux

Mary,you make it sound like I did this on purpose, and that I'm 12years old!

Oh dear oh me, another touchy customer !

[SoftDux]

If you follow sme concepts then you would delete any masq custom templates, expand & restart.

Would you mind telling me which template to delete. I don't like doing this, but if it could fix the problem, it's worth a try.

If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.


I only have one SME, and even if I had another one, I don't know which files to compare...

[Stefano]

please, post the result of

Code: [Select]

/sbin/e-smith/audittools/templates

thank you
Ciao
Stefano

[janet]

SoftDux

/sbin/e-smith/audittools/templates

will show you any additional custom templates.

For masq custom templates look in
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq

Move them to a safe location rather than deleting them
ie
mkdir -p /temp
move the custom templates
and then do
signal-event post-upgrade
signal-event reboot

[CharlieBrady]

So, somewhere it's missing some firewall / ip masquerading / ip forwarding rules, but I don't know which or where.

You can find out by doing:

sh -x /etc/rc.d/init.d/masq stop
sh -x /etc/rc.d/init.d/masq start

The problem lies with the IP masquerading template, which doesn't load at all.

Really? What makes you so sure? What exactly do you mean by "doesn't load at all"?

[CharlieBrady]

my internal LAN is 192.168.10.0/24 & external is 192.168.1.0/24

192.168.1.x isn't a valid Internet address. What do you have between your server and the Internet? Are you certain that it is configured and functioning correctly?

[SoftDux]

please, post the result of

Code: [Select]

/sbin/e-smith/audittools/templates

thank you
Ciao
Stefano

Hi Stefano,

Here's the output:

root@intranet:[~]$ /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/hosts.allow/sshd: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustTransProxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/lib/pgsql/data/pg_hba.conf: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/lib/pgsql/data/postgresql.conf: MANUALLY_ADDED, ADDITION

What do I need to look for?

[SoftDux]

You can find out by doing:

sh -x /etc/rc.d/init.d/masq stop
sh -x /etc/rc.d/init.d/masq start

Really? What makes you so sure? What exactly do you mean by "doesn't load at all"?

CharlieBrady,

I get the following error when manually starting masq:

root@intranet:[~]$ /etc/rc.d/init.d/masq restart

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done

That doesn't look like normal behavior to me. Is it normal?

[SoftDux]

192.168.1.x isn't a valid Internet address. What do you have between your server and the Internet? Are you certain that it is configured and functioning correctly?

When you set SME Server in gateway mode, it configures 2 interfaces, internal & external. My internal LAN was setup to use 192.168.10.0/24 & external is 192.168.1.0/24.

I have an ADSL modem which can't be bridged (due to it's VIOP capabilities) which is on 192.168.1.254

[CharlieBrady]

I get the following error when manually starting masq:

That doesn't look like normal behavior to me. Is it normal?

I don't know why I am bothering to try to help you. I told you exactly what you need to do to debug the issue you are seeing, and you do something different.

If you know better than me, then fix the problem yourself.

You should start by deleting your masq custom templates. They are the most likely cause of your problem.

[CharlieBrady]

When you set SME Server in gateway mode, it configures 2 interfaces, internal & external.

Really? I didn't know that.

My internal LAN was setup to use 192.168.10.0/24 & external is 192.168.1.0/24.

I have an ADSL modem which can't be bridged (due to it's VIOP capabilities) which is on 192.168.1.254

Clearly it is not just a modem - it is a router as well.

[janet]

SoftDux

You should start by deleting your masq custom templates. They are the most likely cause of your problem.

Which is what I already said back in post #36
http://forums.contribs.org/index.php?topic=44002.msg210993#msg210993

If you cannot work it out for yourself then these are the ones:

/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustTransProxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy: MANUALLY_ADDED, OVERRIDE