[Firehol-support] Could not surf on the firewall box help needed
David Touzeau
david at articatech.com
Sat Jan 27 16:30:32 GMT 2018
Hi all,
I'm sure I'm missing something, but I do not understand why.
On the Linux box where FireHOL is installed, I cannot reach the Internet.
From a LAN address there is no issue. This is what I get on the firewall box itself:
****************************************************************************
************
root at router:~# curl --verbose http://www.laposte.net
* Rebuilt URL to: http://www.laposte.net/
* Trying 94.124.132.36...
* TCP_NODELAY set
* connect to 94.124.132.36 port 80 failed: Connection refused
* Failed to connect to www.laposte.net port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to www.laposte.net port 80: Connection refused
****************************************************************************
************
What am I missing?
[Reviewer note: curl fails with "Connection refused" immediately rather than timing out, so the SYN is being actively answered with a RST or an ICMP unreachable, not silently dropped. On a FireHOL host with `policy reject` on the WAN interface that usually points at a local REJECT in the OUTPUT chain, or at a NAT REDIRECT (the transparent proxy helpers) sending the locally generated connection to a port nothing listens on. With FIREHOL_LOG_MODE="LOG" the kernel log should show the rejected packet under the "FIREHOL:" prefix, and `iptables -t nat -L OUTPUT -n -v` shows whether local port-80 traffic is being redirected.]
Here is my config.
Eth0 is LAN
Eth1 is WAN
****************************************************************************
************
# DHCP: 0 ()
#ipset v.6.30 compatible
version 5
#Trusted Networks
#xt_ndpi not installed
# Generated (Artica) FireHOL configuration. FireHOL sources this file as bash,
# so every non-comment line must be a valid FireHOL command or shell statement.
FIREHOL_AUTOSAVE="/home/artica/firewall/firehol-saved-ipv4.txt"
FIREHOL_LOG_PREFIX="FIREHOL:"
# TPROXY parameters are set but unused: "Tproxy: 0" below, and the proxy
# helpers in this file use REDIRECT-style interception.
FIREHOL_TPROXY_MARK="0xffff"
FIREHOL_TPROXY_IP_ROUTE_TABLE="999"
FIREHOL_TPROXY_ROUTE_DEVICE="eth0"
# Conntrack INVALID packets are not dropped up front (0); they fall through to
# the per-interface/router policies below.
FIREHOL_DROP_INVALID="0"
# Policy-rejected traffic is logged with the LOG target; when debugging the
# "Connection refused" seen on the box itself, look for "FIREHOL:" in the
# kernel log to see which chain/interface rejected the packet.
FIREHOL_LOG_MODE="LOG"
# Defined but never used here (the ndpi match is not installed, see above).
MDPI="-m ndpi "
IPSET_CMD="/sbin/ipset"
ipv4 ipset create proxy_white_ssl hash:ip
ipv4 ipset addfile proxy_white_ssl ips proxy_ssl_whitelist
ipv4 ipset create MyIPs hash:ip
ipv4 ipset addfile MyIPs ips MyIPs
# * * * * Transparent Proxy * * * *
# Intercept port 80 and port 443 arriving on the LAN interface and hand them
# to the local squid listeners (58630 / 58631), excluding the "squid" user so
# squid's own upstream fetches are not looped back.
# NOTE(review): depending on the FireHOL version, transparent_squid may also
# add a nat/OUTPUT REDIRECT for port-80 traffic generated by this host. If
# squid only listens on the LAN address, a local curl to port 80 would then be
# redirected to a closed local port and fail with "Connection refused" — check
# with `iptables -t nat -L OUTPUT -n -v`.
transparent_squid 58630 squid inface eth0
transparent_proxy 443 58631 squid inface eth0
# Tproxy: 0
# * * * * ip_forward = 1 * * * *
# * * * * rp_filter = 1 * * * *
# Strict reverse-path filtering on every interface. Adequate for a two-leg
# router, but it silently drops packets whose source address is not routed via
# the interface they arrive on (e.g. 192.168.1.0/24 sources arriving on eth1,
# which makes the eth1 squidports rule below unreachable in practice).
/sbin/sysctl -w net.ipv4.conf.lo.rp_filter=1
/sbin/sysctl -w net.ipv4.conf.eth0.rp_filter=1
/sbin/sysctl -w net.ipv4.conf.eth1.rp_filter=1
/sbin/sysctl -w net.ipv4.conf.default.rp_filter=1 >/dev/null 2>&1
/sbin/sysctl -w net.ipv4.conf.all.rp_filter=1 >/dev/null 2>&1
# Enable routing between eth0 and eth1 (the routers below depend on this).
/sbin/sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1
# * * * * Interfaces * * * *
# (No NAT rules are defined here; masquerading is done in router eth02eth1.)
#lo Name:Interface lo/lo/lo 0.0.0.0 [403]
# lo: act_as_lan = 0
# lo: Allow proxy ports for 192.168.1.0/24
# lo: final services = 2
# Loopback: the policy already accepts everything, so the client/server rules
# below are redundant (harmless, but they restrict nothing).
interface4 lo lo
policy accept
# lo: 0 clients rule(s) ( accept all services )[681]
client any accept
# Duplicate of the previous rule.
client any accept
server squidports accept src 192.168.1.0/24
server ssh accept
#eth0 Name:Interface eth0/eth0/eth0 192.168.1.1 [403]
# eth0: act_as_lan = 0
# eth0: Allow proxy ports for 192.168.1.0/24
# eth0: final services = 3
# LAN interface (192.168.1.1).
# NOTE(review): `policy accept` means every service listening on this host is
# reachable from any LAN address; the server lines below therefore add no
# restriction. If only squid, unifi and ssh should be exposed to the LAN,
# the policy needs to be reject/drop for the server rules to mean anything.
interface4 eth0 eth0
policy accept
# eth0: 0 clients rule(s) ( accept all services )[681]
client any accept
# Duplicate of the previous rule.
client any accept
server squidports accept src 192.168.1.0/24
server unifi accept
server ssh accept
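#eth1 Name:Interface eth1/eth1/eth1 10.10.1.1 [403]
# eth1: act_as_lan = 0
# eth1: Allow proxy ports for 192.168.1.0/24
# eth1: final services = 3
# WAN interface (10.10.1.1). Default policy is reject, so only the listed
# client (outbound from this host) and server (inbound to this host) services
# are allowed; anything else is answered with a reject and logged.
interface4 eth1 eth1
policy reject
# eth1: 0 clients rule(s) ( accept all services )[681]
# eth1: accept local -> necessaries Internet protocols
# The generator left this marker uncommented; FireHOL sources the config as
# bash, so it was executed as a (nonexistent) command. Kept only as a comment.
# BUILD_INTERFACE_CLIENT/690
# Outbound services the firewall host itself may use.
client dns accept
client https accept
client http accept
client ftp accept
client ntp accept
client rsync accept
# Inbound services exposed on the WAN side.
# NOTE(review): a 192.168.1.0/24 source arriving on eth1 is a spoofed LAN
# address and is already discarded by rp_filter=1, so this rule is dead.
server squidports accept src 192.168.1.0/24
# NOTE(review): unifi and ssh are accepted from any Internet address; consider
# restricting `src` or adding rate limiting if this box is directly reachable.
server unifi accept
server ssh accept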
# pnic_bridges: eth02eth1; Artica allowed=0;FireHoleLogAllEvents=0
# LAN (eth0) <-> WAN (eth1) router with source NAT on the WAN side.
router4 eth02eth1 inface eth0 outface eth1
masquerade
# Do not forward LAN DHCP traffic towards the WAN.
server dhcp deny
# NOTE(review): `route` matches both directions, so this forwards new
# connections WAN->LAN as well as LAN->WAN; the LAN is shielded only by the
# absence of DNAT / of an upstream route to 192.168.1.0/24. The two rules
# after it are subsets of `route any accept` and add nothing.
route any accept
client any accept
server http accept
# * * * * * * ROUTERS FOR ALL INTERFACES * * * * * *
# Hairpin routers (same in/out interface). Each accepts everything; the
# explicit route/client rules are redundant with `policy accept`.
router4 lo2lo inface lo outface lo
route any accept
client any accept
policy accept
# Router For interface eth0 # # # # # # # # # # # # # # # #
# LAN -> LAN forwarding (only relevant if eth0 carries more than one subnet).
router4 eth02eth0 inface eth0 outface eth0
# DHCP disabled
route any accept
client any accept
policy accept
# Router For interface eth1 # # # # # # # # # # # # # # # #
# WAN -> WAN forwarding with an accept policy.
# NOTE(review): this lets the host forward any packet that arrives on eth1 and
# is not addressed to it back out eth1, un-NATed. Unless eth1 really carries
# several subnets this serves no purpose and should be drop/reject.
router4 eth12eth1 inface eth1 outface eth1
# DHCP disabled
route any accept
client any accept
policy accept
****************************************************************************
************