[Server-devel] Problems with iptables

John Watlington wad at laptop.org
Sat Feb 16 23:13:18 EST 2008 

Squid runs fine on the XS, I would just get rid of that box...

On Feb 16, 2008, at 10:47 PM, Tony Pearson wrote:

> Team,
> Ok, I re-organized my test bed to be more representative of what  
> will be at OLE-Nepal
>
> (ISP)----(Hub)192.168.0.1-----192.168.0.29(Squid) 
> 172.18.0.1------172.18.0.77(XS)==AA
>
> So, my Hub is a 4-port wired hub that also has WiFi.
>
> Squid box has fresh XS-150 base installed, and has two NIC cards.
> (changed "schoolserver1" to "squid" in all the places I could grep)
> Eth0 is 192.168.0.29 static IP.
> Eht1 is 172.18.0.1 static IP.
>
> XS box has one NIC card.
> Eth0 is 172.18.0.77 static IP
> Active Antenna is attached via USB as "msh0"

You've now created one very confused gateway.   Gateways tend
to function (best) if their different network interfaces are on  
different
subnets.   The XS reserves the entire 172.18/16 subnet for it's internal
services, making it the ONLY subnet we can't have the WAN interface in.

If you want to continue with this, make the squid box serve the  
172.16.0.1
subnet, giving the XS eth0 interface something in 172.16.0.x.

> (a) I have my primary Windows XP box connected via the Hub at  
> 192.168.0.10.
> Prior to this change, I was able to "SSH" remote login from the  
> Windows box
> to the XS box as 192.168.0.77.  I would like to be able to SSH  
> (Windows->Squid)
> and (Windows->Squid->XS).  I have confirmed that "sshd" is up and  
> running,
> but ssh from Windows times out with no error message.

Your ssh on the Windows box doesn't know how to route to the XS box  
(and conversely,
the XS doesn't know how to route to the Windows box), breaking this  
even if it
weren't for the above problem.   You have to add manual routes to  
each to make it work.

> (b) TURN_SQUID_ON and TURN_SQUID_OFF and the iptables.principle.cache
> fail with error messages.  I will try to see if I can capture the  
> messages.

You ran them as root ?   Try just running the separate instructions  
manually.
There are only four per script!

> Any suggestions?
>
> Tony Pearson
> Senior Storage Consultant, IBM System Storage™
> Telephone: +1 520-799-4309 |  tie 321-4309 |  Cell: +1 520 990-8669
> email: tpearson at us.ibm.com |  GSA: http://tucgsa.ibm.com/~tpearson
> Blog: http://www.ibm.com/developerworks/blogs/page/ 
> InsideSystemStorage AKA: 990tony Paravane, eightbar specialist
>
>
> _______________________________________________
> Server-devel mailing list
> Server-devel at lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel

More information about the Server-devel mailing list