Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: SoftDux on May 04, 2009, 10:25:57 PM
-
Hi all,
I have installed Dansguardian, which worked for a few days, but after a while I noticed that internet access in general was very slow. So I though I'd uninstall it, but it seems I've totally fscked up the server.
Now, no PC on the network can access the internet. I can't even ping a site / IP on the internet from one of the networked PC's.
I've reset the server to server only mode, and then back to private server & gateway mode, but still no luck.
Can someone please tell me how I can reset the network settings, without reinstalling the server?
-
Softdux: from the number of your posts I guess you are not a SME newbie and, of course, a forum newbie..
so.. how do you think we can help you if you don't give any details?
can you ping any site form SME?
did you change anything related to iptables?
why did you uninstall dansguardian without trying to diagnosethe problem?
not to be rude, but if you describe yourself as "The Leaders in Software & Networking" I expect a more professional attitude from you.
Ciao
Stefano
-
What is interesting, is that from the server I can ping any host on the internet, but I can't access that website using lynx / links.
I also can't ping any IP on the internet from any PC on the LAN, even though I have reset the server into Private Server & Gateway mode. So, though I want to think it's a firewall issue, I'm not quite sure.
-
Hi stefano,
As your message says, build a system that only a fool can use :)
No offence, but there are a lot of internal code of SME that I don't like playing with, for various reasons. I don't have the time to try and debug the dansguardian problem and since it's something I've never used before I'd rather remove it. But, now I'm sitting with a "big white elephant". Ideally I would prefer to fix the problem without reinstalling the server (there's about 450GB's worth of data which I can't move anywhere right now). I'm between offices and this one is in a doctor's practice, where I don't spend a lot of time.
I didn't change the firewall, I purely uninstalled dansguardian (there isn't any official way of doing it, so I did rpm -e dansguardian). But this left me with worse problems.
-
I didn't change the firewall, I purely uninstalled dansguardian (there isn't any official way of doing it, so I did rpm -e dansguardian). But this left me with worse problems.
maybe you mean
rpm -e smeserver-dansguardian
?
what's the output of
rpm -qa | grep dans
?
HTH
Ciao
Stefano
-
Yes, sorry.
root@intranet:[~]$ rpm -qa | grep dans
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature
warning: only V3 signatures can be verified, skipping V4 signature
Here's something else which is also interesting:
root@intranet:[~]$ /etc/rc.d/init.d/masq restart
Shutting down IP masquerade and firewall rules: Done!
Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done
So, how do I fix that? I don't know if this is the case, but I think that could be the problem?
-
I have installed Dansguardian ...
Off-topic for this forum.
-
SoftDux
As indicated in another post you would also need to do
rpm -e smeserver-dansguardian
as well as doing
rpm -e dansguardian
and then you would also need to undo any db commands or setting changes made in relation to configuring Dansguardian on that server.
Read the Wiki Contrib article for details of reverting settings back to standard
http://wiki.contribs.org/Dansguardian
and in particular I'm thinking of
http://wiki.contribs.org/Dansguardian#Modifying_Firewall_and_Proxy
and of course any other tweaking you did that you have not told us about.
-
Moving to Contribution section where it is more appropriate.
-
Off-topic for this forum.
I don't understand what you mean?
-
SoftDux
As indicated in another post you would also need to do
rpm -e smeserver-dansguardian
as well as doing
rpm -e dansguardian
and then you would also need to undo any db commands or setting changes made in relation to configuring Dansguardian on that server.
Read the Wiki Contrin article for details of reverting settings back to standard
http://wiki.contribs.org/Dansguardian
and in particular I'm thinking of
http://wiki.contribs.org/Dansguardian#Modifying_Firewall_and_Proxy
and of course any other tweaking you did that you have not told us about.
Hi mary,
Yes, I've uninstalled both dansguardian & smeserver-dansguardian using rpm (as I couldn't find any other documented way of removing them). I also went ahead and undid any db commands performed, but it still doesn't help.
Did you see the error I posted above, about the modules missing when trying to run masq manually? I do have a feeling, looking at what works and doesn't work, that masqurading isn't working. But the question is, how do I fix the masqurading part?
-
SoftDux
I've reset the server to server only mode, and then back to private server & gateway mode, but still no luck.
Perhaps change your server back to gateway server mode, which I assume was the mode it was originally in.
I don't know why you thought changing modes was going to achieve a fix to your problem, seems an odd way to troubleshoot.
-
SoftDux
What does this show ?
/etc/init.d/masq status
-
SoftDux
Perhaps change your server back to gateway server mode, which I assume was the mode it was originally in.
I don't know why you thought changing modes was going to achieve a fix to your problem, seems an odd way to troubleshoot.
Well, for one I thought that changing it from gateway mode to server only mode, and back again would restore all the masquarading & filewall rules to it's default state. But you're right, it doesn't fix the problem though. I can change between gateway & server mode as many times as I like and it doesn't help :)
-
SoftDux
What does this show ?
/etc/init.d/masq status
Here's the full list:
Aroot@intranet:[~]$ /etc/init.d/masq status
Table: filter
Chain INPUT (policy DROP)
target prot opt source destination
state_chk all -- 0.0.0.0/0 0.0.0.0/0
local_chk all -- 0.0.0.0/0 0.0.0.0/0
PPPconn all -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 224.0.0.0/4 0.0.0.0/0
denylog all -- 0.0.0.0/0 224.0.0.0/4
DROP all -- 89.123.129.102 0.0.0.0/0
DROP all -- 89.123.129.102 0.0.0.0/0
InboundICMP icmp -- 0.0.0.0/0 0.0.0.0/0
denylog icmp -- 0.0.0.0/0 0.0.0.0/0
InboundTCP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x0 2
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
InboundUDP udp -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68
gre-in 47 -- 0.0.0.0/0 0.0.0.0/0
denylog 47 -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
state_chk all -- 0.0.0.0/0 0.0.0.0/0
local_chk all -- 0.0.0.0/0 0.0.0.0/0
ForwardedTCP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0 x02
ForwardedUDP udp -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PPPconn all -- 0.0.0.0/0 0.0.0.0/0
denylog all -- 224.0.0.0/4 0.0.0.0/0
denylog all -- 0.0.0.0/0 224.0.0.0/4
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ForwardedTCP (1 references)
target prot opt source destination
ForwardedTCP_5994 all -- 0.0.0.0/0 0.0.0.0/0
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
Chain ForwardedTCP_5994 (1 references)
target prot opt source destination
Chain ForwardedUDP (1 references)
target prot opt source destination
ForwardedUDP_5994 all -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0
Chain ForwardedUDP_5994 (1 references)
target prot opt source destination
Chain InboundICMP (1 references)
target prot opt source destination
InboundICMP_5994 all -- 0.0.0.0/0 0.0.0.0/0
denylog icmp -- 0.0.0.0/0 0.0.0.0/0
Chain InboundICMP_5994 (1 references)
target prot opt source destination
denylog icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12
denylog all -- 0.0.0.0/0 0.0.0.0/0
Chain InboundTCP (1 references)
target prot opt source destination
InboundTCP_5994 all -- 0.0.0.0/0 0.0.0.0/0
denylog tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
Chain InboundTCP_5994 (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !192.168.1.1
REJECT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:113 reject- with tcp-reset
denylog tcp -- 89.123.129.102 192.168.1.1 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:3000
ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:1723
Chain InboundUDP (1 references)
target prot opt source destination
InboundUDP_5994 all -- 0.0.0.0/0 0.0.0.0/0
denylog udp -- 0.0.0.0/0 0.0.0.0/0
Chain InboundUDP_5994 (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !192.168.1.1
Chain PPPconn (2 references)
target prot opt source destination
PPPconn_1 all -- 0.0.0.0/0 0.0.0.0/0
Chain PPPconn_1 (1 references)
target prot opt source destination
Chain denylog (21 references)
target prot opt source destination
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:137:139
ULOG all -- 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 n lgroup 1 prefix `denylog:' queue_threshold 1
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain gre-in (1 references)
target prot opt source destination
denylog all -- 0.0.0.0/0 !192.168.1.1
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain local_chk (2 references)
target prot opt source destination
local_chk_5994 all -- 0.0.0.0/0 0.0.0.0/0
Chain local_chk_5994 (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 192.168.10.0/24 0.0.0.0/0
Chain state_chk (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTAB LISHED
Table: nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Table: mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
-
Oh, and before I forget,
my internal LAN is 192.168.10.0/24 & external is 192.168.1.0/24
-
I don't understand what you mean?
I will save Charlie some of his time and reply on his behalf. You had originally posted in the SME7.x forum. This forum is dedicated (strictly) to issues, questions (etc) about the core packages making SME - what you have on the CD if you wish. The minute you install a package not included in the distribution, i.e. Dans, you should post into the sme7.x Contribs section. No worries, I moved your topic, all is well.
-
Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:
config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks
Does it still exist?
-
Another suggestion... You didn't configure (force) all the clients to use a proxy as suggested on the wiki and now the proxy is disabled??
-
I will save Charlie some of his time and reply on his behalf. You had originally posted in the SME7.x forum. This forum is dedicated (strictly) to issues, questions (etc) about the core packages making SME - what you have on the CD if you wish. The minute you install a package not included in the distribution, i.e. Dans, you should post into the sme7.x Contribs section. No worries, I moved your topic, all is well.
Thanx Chris,
I thought that since I removed Dansguardian and I want to fix the SME problem, without DansGuardian installed that it would have been fine in the SME forum :)
-
Another suggestion... You didn't configure (force) all the clients to use a proxy as suggested on the wiki and now the proxy is disabled??
Hi,
No, for simplicity reasons I didn't specify any proxy settings on the clients and relied on the transparent proxy setup.
But as I said, I don't think this is a problem with the proxy. No internet access (i.e. web / email / ftp / ping / remote desktop / etc) is working from any of the LAN PC's, and it seems like a routing / masquerading problem. I did reconfigure the server to server only more, rebooted, and then reconfigured it back to gateway mode, hoping it would fix the IP masquerading problem, but it didn't. When I manually start / restart masq (service restart masq), I get the following error:
root@intranet:[~]$ /etc/rc.d/init.d/masq restart
Shutting down IP masquerade and firewall rules: Done!
Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done
So, somewhere it's missing some firewall / ip masquerading / ip forwarding rules, but I don't know which or where.
-
Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:
config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks
Does it still exist?
Unfortunately I can't SSH into the server from the office right now, but I'll go over to the client again a bit later today and try your suggestions. Thanx :)
-
I don't understand what you mean?
The subject of the SME Server 7.x forum is:
Discussion of the use of *ONLY* the components and features included on the SME
Server 7.x CD.
As soon as you mention "dansguardian" your post is off-topic for the SME Server 7.x forum.
I don't think I can make it any clearer than that.
-
Maybe smeserver-dansguardian didn't clean up masq completely. Try to disable the port blocking with:
config setprop squid TransparentPort 3128
config setprop squid Transparent no
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
It places a template in /etc/e-smith/templates/etc/rc.d/init.d/masq called 90local_chk40networks
Does it still exist?
Sadly this didn't work either :(
-
Maybe the templates are messed up. Does:
expand-template /etc/rc.d/init.d/masq
Give any errors (or any output)?
-
Maybe the templates are messed up.
That's what I'm thinking as well, but I don't know how to fix the corrupted template. And it seems like changing from gateway mode, to server move, back to gateway mode doesn't fix the template either.
Does:
expand-template /etc/rc.d/init.d/masq
Give any errors (or any output)?
I get no error, nor any output. Is it supposed to give output?
root@intranet:[~]$ expand-template /etc/rc.d/init.d/masq
root@intranet:[~]$
-
SoftDux
You have said:
I can't even ping a site / IP on the internet from one of the networked PC's....
I also can't ping any IP on the internet from any PC on the LAN...
No internet access (i.e. web / email / ftp / ping / remote desktop / etc) is working from any of the LAN PC's
This seems more like basic networking issues.
Are the server and workstations on the same workgroup and/or domain name ?
Are they also on the same network address range ie 192.168.10.xx
Can workstations ping the server ?
What is your network arrangement ?
Are the workstations set to auto detect the DHCP server and WINS server etc Are the workstations correctly setup to use sme server as the gateway
On a workstation, what does this show (from a DOS prompt) ?
ipconfig /all
-
Knuddi & SoftDux
config setprop squid Transparent no
signal-event post-upgrade; signal-event reboot
That is incorrect.
It should be:
To return Transparent Proxy port to default value and to disable portblocking and to enable the Transparent proxy (which is the sme default)
config setprop squid TransparentPort 3128
config setprop squid Transparent yes
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
Note that the sme server default setting for transparent proxy is yes, as determined by the base code/templates when there is no actual db entry for the squid Transparent setting.
So if you wish to have a db setting then it should be yes rather than no
Doing
config delprop squid Transparent
signal-event post-upgrade; signal-event reboot
will achieve the same result ie Transparent proxy is enabled (=yes) due to the default template behaviour
Ray has fixed the wiki article
-
Hi,
I experienced this problem sometimes. what i usually do is just restart the server and the switches.
7.4 (but this server has been updated from 7.1)
Server-gateway mode
DHCP
Dansguardian
Proxy
for unknown reason or i just don't know where to look there are times that there is some kind of bottleneck in the connection. And restarting the server and switches fixes it.
-
SoftDux
You have said:
This seems more like basic networking issues.
Are the server and workstations on the same workgroup and/or domain name ?
Are they also on the same network address range ie 192.168.10.xx
Can workstations ping the server ?
What is your network arrangement ?
Are the workstations set to auto detect the DHCP server and WINS server etc Are the workstations correctly setup to use sme server as the gateway
On a workstation, what does this show (from a DOS prompt) ?
ipconfig /all
Hi Mary, I realize you are trying to help, but you're looking past the problem. It's not a transparent proxy problem, nor is a it a basic network problem.
The problem lies with the IP masquerading template, which doesn't load at all.
As I said, when I load masq manually, I get the following error:
/sbin/e-smith/config setprop masq Stealth yes
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
If IP masquerading doesn't work, then no networking functions between computers on the LAN and the internet will function. I want to know how to fix this particular script so that it loads without an error. Does anyone know how to fix this particular problem? Forget about Transparent Proxy. Email doesn't work, FTP doesn't work, SSH doesn't work, Remote Desktop / VNC doesn't work, in fact, every internet related service doesn't work.
-
Knuddi & SoftDux
That is incorrect.
It should be:
To return Transparent Proxy port to default value and to disable portblocking and to enable the Transparent proxy (which is the sme default)
config setprop squid TransparentPort 3128
config setprop squid Transparent yes
config delprop dansguardian portblocking
signal-event post-upgrade; signal-event reboot
Note that the sme server default setting for transparent proxy is yes, as determined by the base code/templates when there is no actual db entry for the squid Transparent setting.
So if you wish to have a db setting then it should be yes rather than no
Doing
config delprop squid Transparent
signal-event post-upgrade; signal-event reboot
will achieve the same result ie Transparent proxy is enabled (=yes) due to the default template behaviour
Ray has fixed the wiki article
Mary, this isn't a problem with the transparent proxy, it's a problem with internet access to all services. Please see my previous replies as to where the problem lies. I just don't know how to fix it. And by reconfiguring the server between server & gateway mode doesn't fix it either.
How do I reset the masq template to default?
-
SoftDux
Re Transparent proxy, I was correcting Knuddi's advice.
If you follow sme concepts then you would delete any masq custom templates, expand & restart.
If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.
-
SoftDux
Re Transparent proxy, I was correcting Knuddi's advice.
If you follow sme concepts then you would delete any masq custom templates, expand & restart.
If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.
Mary,you make it sound like I did this on purpose, and that I'm 12years old! Thank you for your advice, I'll just format it.
-
SoftDux
Mary,you make it sound like I did this on purpose, and that I'm 12years old!
Oh dear oh me, another touchy customer !
-
If you follow sme concepts then you would delete any masq custom templates, expand & restart.
Would you mind telling me which template to delete. I don't like doing this, but if it could fix the problem, it's worth a try.
If you have changed the default masq templates then you are the only one who can fix them, I suggest comparing with another known good server.
I only have one SME, and even if I had another one, I don't know which files to compare...
-
please, post the result of
/sbin/e-smith/audittools/templates
thank you
Ciao
Stefano
-
SoftDux
/sbin/e-smith/audittools/templates
will show you any additional custom templates.
For masq custom templates look in
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq
Move them to a safe location rather than deleting them
ie
mkdir -p /temp
move the custom templates
and then do
signal-event post-upgrade
signal-event reboot
-
So, somewhere it's missing some firewall / ip masquerading / ip forwarding rules, but I don't know which or where.
You can find out by doing:
sh -x /etc/rc.d/init.d/masq stop
sh -x /etc/rc.d/init.d/masq start
The problem lies with the IP masquerading template, which doesn't load at all.
Really? What makes you so sure? What exactly do you mean by "doesn't load at all"?
-
my internal LAN is 192.168.10.0/24 & external is 192.168.1.0/24
192.168.1.x isn't a valid Internet address. What do you have between your server and the Internet? Are you certain that it is configured and functioning correctly?
-
please, post the result of
/sbin/e-smith/audittools/templates
thank you
Ciao
Stefano
Hi Stefano,
Here's the output:
root@intranet:[~]$ /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/hosts.allow/sshd: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustTransProxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/var/lib/pgsql/data/pg_hba.conf: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/lib/pgsql/data/postgresql.conf: MANUALLY_ADDED, ADDITION
What do I need to look for?
-
You can find out by doing:
sh -x /etc/rc.d/init.d/masq stop
sh -x /etc/rc.d/init.d/masq start
Really? What makes you so sure? What exactly do you mean by "doesn't load at all"?
CharlieBrady,
I get the following error when manually starting masq:
root@intranet:[~]$ /etc/rc.d/init.d/masq restart
Shutting down IP masquerade and firewall rules: Done!
Enabling IP masquerading: iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
iptables: No chain/target/match by that name
done
That doesn't look like normal behavior to me. Is it normal?
-
192.168.1.x isn't a valid Internet address. What do you have between your server and the Internet? Are you certain that it is configured and functioning correctly?
When you set SME Server in gateway mode, it configures 2 interfaces, internal & external. My internal LAN was setup to use 192.168.10.0/24 & external is 192.168.1.0/24.
I have an ADSL modem which can't be bridged (due to it's VIOP capabilities) which is on 192.168.1.254
-
I get the following error when manually starting masq:
That doesn't look like normal behavior to me. Is it normal?
I don't know why I am bothering to try to help you. I told you exactly what you need to do to debug the issue you are seeing, and you do something different.
If you know better than me, then fix the problem yourself.
You should start by deleting your masq custom templates. They are the most likely cause of your problem.
-
When you set SME Server in gateway mode, it configures 2 interfaces, internal & external.
Really? I didn't know that. :-)
My internal LAN was setup to use 192.168.10.0/24 & external is 192.168.1.0/24.
I have an ADSL modem which can't be bridged (due to it's VIOP capabilities) which is on 192.168.1.254
Clearly it is not just a modem - it is a router as well.
-
SoftDux
You should start by deleting your masq custom templates. They are the most likely cause of your problem.
Which is what I already said back in post #36
http://forums.contribs.org/index.php?topic=44002.msg210993#msg210993
If you cannot work it out for yourself then these are the ones:
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/90adjustTransProxy: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy: MANUALLY_ADDED, OVERRIDE