[SMS]

[vivanguarda]

This is DNS Server.

# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain lan
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line


And Wokstation I have
vi /etc/resol.conf
nameserver 200.149.55.140

It`s not function. Then I tryed a secondary DNS

THEN

vi /etc/resol.conf
nameserver 200.149.55.140
nameserver 200.165.132.147


Can you check Full Easy Firewall?

http://uploaddearquivos.com.br/download/Easy-Firewall

[gerasimos_h]

Have you set gateway the ip of your eth1 on workstations?
If you set a transparent proxy you have to setup squid on server to use port redirection.
If squid isn't configured and running then that's the reason.
Try to remove proxy from firewall or create a new one without proxy and see if it's working.

gerasimos_h

[vivanguarda]

1) Workstation: eth1 gateway 192.168.2.1
2), 3) and 4) I did another Easy Firewall unless Proxy. Unfortunately, I don`t get internet connection yet.

Traceroute Server

root@server:~# traceroute 192.168.2.7
traceroute to 192.168.2.7 (192.168.2.7), 30 hops max, 60 byte packets
1 192.168.2.7 (192.168.2.7) 0.110 ms 0.086 ms 0.077 ms

[gerasimos_h]

It seems we reply at the same time in the morning and didn't see your configuration, you need to add
INET_ADDRESS="192.168.1.1"
under
INET_IFACE="eth0"
or choose static IP and not dynamic for eth0 when creating a firewall.
Your router smells like a speedtouch, if yes, you should add your server on your speedtouch as static ip, under home network/devices.

BTW you could attach it in you post.

gerasimos_h

[vivanguarda]

Sorry, but I didn't undestand!
1)

INET_ADDRESS="192.168.1.1"
under
INET_IFACE="eth0"


I ought to insert it in first firewall generated where I used port 3128?


I did another simple EFG so I hope now only internet connection on the workstation. I should to change both EFGs?

http://uploaddearquivos.com.br/download/Firewall-Sem-Squid.rtf




2) In fact I'm using a Thomsom Speed Touch 510 V6 modem, but I afraid of changing it. Iprefer an eth0 dhcp server.[/quote]

[gerasimos_h]

1. Try the firewall attached.

2. Don't turn dhcp server off, just mark your server's ip as static in routers page configuration (192.168.1.254).

gerasimos_h

[vivanguarda]

I dowloaded rc.firewall.gz in /etc/rc.d, used gzip -d rc.firewall.gz, and after that chmod +x rc.firewall. But in this situation I lost server internet connection. Also I tried only to add INET_ADDRESS="192.168.1.1" but it`s no connected. All experiments I did using te same dhcp Spedtouch modem, ok! Is it the problem I should to router Thomsosm modem ?

root@server:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ProFTPD (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere



..........

root@server:~# cat /proc/sys/net/ipv4/ip_forward
1



...........

root@server:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[gerasimos_h]

Have you restart your server and start rc.firewall at boot?
Most Speedtouch (i don't remember 510) models have their own dns server, so if routers lease e.g. 192.168.1.2 to your server and you change ip to 192.168.1.1, most likely you will have no internet, that's the reason I told you to mark it as static under [hostmgr.ini] e.g.

[vivanguarda]

Server

#vi /etc/resolv.conf

Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain lan
nameserver 192.168.1.254
# /etc/resolv.conf.tail can replace this line


Worstation
search maq_13local
nameserver 200.149.55.140

[gerasimos_h]

To confirm that your firewall is working reboot , login and type "iptables -L"
You should see something like

[vivanguarda]

Gerasimos, Good Afternoon!!!

Problem was solved!!! I changed DNS and used OpenDNs. Both Pri and Secondary!

208.67.222.222
208.67.220.220

Therefore, I didn`t use EFG, but I `ll try it again! I put simple router chains in rc.firewall:

!/bin/bash
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT


Before, during boot up were messages:

.. line 6734 rc.firewall: no such or directory ...
Then I try also another shebang, using bash instead of sh. Did you see it?-

Soon , I will get another trouble!!

Thanks a lot lot lot , my dear!!!!

[gerasimos_h]

[vivanguarda]

Gerasimos, can you help me again?

I need to change server settings because Timer Cafe Control Programm has a Workstation-Server communication problem using dhcp server. There is a FAQ and is suggested to solve it using static ip. Then I got a Modem/Router Speed Streamm 5200 unless dhcp. It is using a 10.1.1.0 ip configuration. Thereby, how can I choose ip class to static eth0 server if router is 10.1.1.0 ip type and my server eth1 was 192.168.2.1?

[gerasimos_h]

edit /etc/rc.d/rc.inet1.conf with the appropriate info and run /etc/rc.d/rc.inet1.
If you used an advanced firewall script change variables in rc.firewall too
INET_ADDRESS=
LOCAL_IP=
LOCAL_NET=
LOCAL_BCAST=
end run /etc/rc.d/rc.firewall.

gerasimos_h

[vivanguarda]

That' s all my dear! My doubt is about ip to use in Server eth0. This static ip should be 10.1.1.X or 192.168.1.X.? I don't know this router/modem schematic...