Unable to access *one* web site on a woody firewall
Hello everyone,
First of all, excuse me for my *bad* English.
I've just installed the stable Debian distribution "Woody" and since
then I can't access the http://playstation2-linux.com web site from
my firewall.
Here are the details:
I have several computers: one acts as a firewall and the others are
for surfing the web (and other things). I use a phone line to
connect. The firewall has a proxy cache (Squid) for all local
computers, and for itself if necessary. I use Debian programs, and a
2.4.18-debian kernel on both computers. Here is the script I use
for the FW:
#drop rules
iptables -N log-and-drop
iptables -A log-and-drop -j LOG --log-prefix "drop " --log-level info
iptables -A log-and-drop -j DROP
#input rules
iptables -P INPUT DROP
iptables -A INPUT -m state --state INVALID -j log-and-drop
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
#make the openproject irc server connection faster
iptables -A INPUT -p tcp --dport 113 -j ACCEPT
iptables -A INPUT -j log-and-drop
#output
iptables -P OUTPUT ACCEPT
#forward
iptables -P FORWARD ACCEPT
#postrouting
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 0.0.0.0/0 -j MASQUERADE
Since it's my LAN, I want to do what I want, but I don't want external
users to be able to access my computer.
Now, if I connect to a random web site through the proxy cache, it works.
If I try to connect to the playstation2-linux.com web site, I simply get
a time out error. At first, I thought it was Squid behaving weirdly and
I tried without the proxy cache: it works. Huh?
I really don't understand why Squid gets a time out error, so I tried to
access it through a direct connection, not a masquerading one. I did a
"telnet playstation2-linux.com 80" on the FW and simply got a time out.
This site can be accessed over https, so I tried that too: same result.
Access through MASQ: 80, ok; 443, ok.
Direct access: 80, time out; 443, time out.
In both cases, it's the same phone line connection.
I saw nothing related to this web site in the FW log. I removed the FW
rules and tried one more time: same results.
Everything worked smoothly with the Potato version.
I don't remember if I did some special configuration on the Potato
version that I haven't done in Woody.
Thanks in advance for any clue.
--
Guillaume "LoneWolf" Estival
Debian GNU/Linux powered
/*Use free software !*/
http://dspnet.claranet.fr/~lonewolf/
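A helper for the check made in the post ("I saw nothing related to this web site in the FW log"): an added example, not part of the original message, that pulls out of a kernel log every line the log-and-drop chain wrote (its "drop " prefix) whose SRC or DST is a given IP address. The sample log lines, host names and addresses are constructed for the example.

```sh
#!/bin/sh
# Constructed sample of kernel log lines as written by the log-and-drop
# chain above (LOG --log-prefix "drop "); hosts and addresses are made up.
SAMPLE_LOG='Jul 14 10:02:11 fw kernel: drop IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4321 DF PROTO=TCP SPT=34567 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 14 10:02:15 fw kernel: drop IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4322 DF PROTO=TCP SPT=34568 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 14 10:03:01 fw kernel: drop IN=ppp0 OUT= MAC= SRC=192.0.2.9 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=0 PROTO=TCP SPT=80 DPT=1234 WINDOW=0 RES=0x00 ACK RST URGP=0
Jul 14 10:03:05 fw sshd[123]: Accepted publickey for user from 192.168.100.2'

# Print every "drop " line whose SRC or DST is $2, reduced to the fields
# that matter when checking whether the firewall dropped traffic for a host
# (a late RST from port 80 of the remote site, for instance, would show here).
drop_lines_for_host() {
    # $1: log file, $2: IP address to match against SRC= and DST=
    awk -v host="$2" '
        / kernel: drop / {
            src = ""; dst = ""; proto = ""; spt = ""; dpt = ""; flags = ""
            for (i = 1; i <= NF; i++) {
                n = split($i, kv, "=")
                if (n == 2) {
                    if (kv[1] == "SRC") src = kv[2]
                    else if (kv[1] == "DST") dst = kv[2]
                    else if (kv[1] == "PROTO") proto = kv[2]
                    else if (kv[1] == "SPT") spt = kv[2]
                    else if (kv[1] == "DPT") dpt = kv[2]
                } else if ($i ~ /^(SYN|ACK|RST|FIN)$/) {
                    flags = flags $i " "
                }
            }
            if (src == host || dst == host)
                print $1, $2, $3, proto, src ":" spt, "->", dst ":" dpt, flags
        }' "$1"
}

# Number of dropped packets involving $2, printed as a clean integer.
count_drops_for_host() {
    drop_lines_for_host "$1" "$2" | awk 'END { print NR }'
}

# Write the constructed sample to a scratch file and run the check on it;
# on the real firewall the file would be /var/log/kern.log or similar.
LOGFILE=${TMPDIR:-/tmp}/droplog.$$
printf '%s\n' "$SAMPLE_LOG" > "$LOGFILE"
echo "drops involving 203.0.113.7:"
drop_lines_for_host "$LOGFILE" 203.0.113.7
echo "count: $(count_drops_for_host "$LOGFILE" 203.0.113.7)"
```

On a real box, replace the sample file with the kernel log and pass the IP the site resolves to; a count of zero for that address means the log-and-drop chain never saw the traffic, which is what the post reports.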