1748161 Members
3824 Online
108758 Solutions
New Discussion юеВ

Re: IP Nating problem

 
SOLVED
Go to solution
Mohammed Shahidul Islam
Occasional Advisor

IP Nating problem

hi
I was using IP forwarding and proxy for internet in RHEL 3 Advance server. After changing ISP's IP, I removed sqied.
Now i can browse from server. I can ping DNS, Yahoo, Google etc from client end but can't browse.

Please help me how to browse from client end.

best regard
shahid

4 REPLIES 4
Rasheed Tamton
Honored Contributor

Re: IP Nating problem

Hi Mohammed,

Did you check the client side proxy settings well.

May be the client is still using the old ISP setup for the proxy.

Regards,
Rasheed Tamton.
Andrew Cowan
Honored Contributor
Solution

Re: IP Nating problem

Shahid,

Open Firefox and select the "tools->Options->Advanced->Network->Settings" and ensure that you are set-up to directly access the Internet.

From the shell prompt enter: "dig www.ibm.com" or some site you regularly use, to ensure that DNS is working. Next run: "wget www.ibm.com" to ensure you get a valid response (lot's of text) from the site.

Assuming this works then the only problems remaining are routing, nameserver and IP-Addressing problems, all of which should be discussed with your ISP.
Jarle Bjorgeengen
Trusted Contributor

Re: IP Nating problem

If it stopped working when you removed squid from the router-machine, chances are that you need to change the browser on the client to _not_ use proxy any more. If the router machine NAT├В┬┤s all traffic from the local net it should work fine.

- Jarle
Bruno Facca
Advisor

Re: IP Nating problem

Check your clients browser configuration, as already been said. If no proxy is configured on the clients, there's a good chance your linux server is redirecting HTTP requests to itself (transparent proxy) or just blocking them so the users have to use your proxy. It can also be a forwarding problem.

The following commands may solve your problem but they will loosen up the security in your firewall regarding client access to the internet. These are just for testing purposes. You should improve these rules using by specifying the authorized clients/destinations for your network.

iptables -t nat -I PREROUTING -p tcp -dport 80 -j ACCEPT
iptables -I FORWARD -p tcp --dport 80 -j ACCEPT
iptables -I FORWARD -p tcp --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT

Try it and let us know how it goes.

To remove those rules from your firewall just retype them replacing the -I with -D.

Bruno Facca