
Re: Problems with email



Vittorio wrote:
> I've set up a small home network to prevent my children from having a
> look at sordid sites. So I connected a server to a couple of PCs via
> ethernet card and the server to my ISP via modem. The server and
> another box run woody while one PC (my children's) has Win 98 on it.
>
> On the server I've installed squid as a proxy & squidguard, diald &
> samba and a tiny firewall using iptables.
>
> It all ticks greatly with the exception of email.
> While I can browse through the proxy everything but indecent sites,
> when I try from a client to get my mail with mutt, diald starts (and
> connects to the ISP) but nothing else happens, it all hangs there
> waiting for I dunno what.

Although you can access web pages OK, I assume that is because you have set each browser on the network to use the gateway as a proxy. However, I know of no mail client (sorry, I don't use mutt) in which you can do the same (no doubt there will be many emails correcting me on this :-) ).

> In squid.conf I allowed as an acl the safe_port port 110 and 25.
>
> In resolv.conf on the client I have put both nameservers.
>
> Of course, everywhere I've defined the gateway machine both on linux
> and win 98 boxes.
>
> Perhaps I miss something. Please help.
>
> Ciao
>
> Vittorio

Are you using IP masquerading on your gateway machine?

If not, then this is your problem. Packets are being passed to your server (as it then dials the ISP) because the clients have it as their default gateway, but the packets are probably keeping the IP address of the internal client machines, so the data gets to the mail server but has little chance of getting back to any of your machines. IP masquerading solves this by editing the packets so they appear to come from your server and then editing them again when they come back so they get to the client machines.

You will then want to make sure that port 80 is blocked for outgoing traffic except for your server, else the client machine will be able to bypass the proxy.

A good read is the Network Administrator's Guide (there's a link on the Debian documentation page). It's a big'un but quite readable, I found...

--

Jason Chambers (jason.chambers@ntlworld.com)
Leicester, England
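
The masquerading and port 80 restriction described in the reply above, written out as iptables rules. This is an added example, not part of the original message; the interface names (eth0 for the LAN, ppp0 for the modem link) and the 192.168.1.0/24 network are assumptions, and the DNS rule is added because the clients list the ISP nameservers in resolv.conf.

```shell
#!/bin/sh
# Added example: masquerading gateway rules for the setup in this thread.
# Assumed values (not from the thread): eth0 = LAN side, ppp0 = modem link,
# 192.168.1.0/24 = home network. Override via environment to match reality.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-ppp0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Dry run by default: rules are printed, not installed.
# Run with APPLY=1 as root to install them.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

gateway_rules() {
    # Forwarded traffic is dropped unless a rule below allows it.
    ipt -P FORWARD DROP
    # Let replies to client-initiated connections back through.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Clients may not reach web servers directly, so they cannot bypass squid.
    # Squid runs on the gateway itself, so its own requests use the OUTPUT
    # chain and are not affected by this FORWARD rule.
    ipt -A FORWARD -i "$LAN_IF" -p tcp --dport 80 -j REJECT --reject-with tcp-reset
    # Mail (SMTP 25, POP3 110) is not proxied by squid and must be forwarded.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -p tcp -m multiport --dports 25,110 -j ACCEPT
    # DNS lookups from clients to the ISP nameservers.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -p udp --dport 53 -j ACCEPT
    # Rewrite the private source address to the gateway's address on the
    # way out, so replies from the mail server can find their way back.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# The kernel only routes between interfaces when forwarding is enabled.
if [ "${APPLY:-0}" = "1" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi
gateway_rules
```

After applying, `iptables -L FORWARD -v -n` and `iptables -t nat -L POSTROUTING -v -n` show per-rule packet counters, which confirm whether mail traffic is matching the ACCEPT and MASQUERADE rules.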



