Hi Guys,
Two networks, 10.0.0.0/8 and 192.168.1.0/24, are connected through a VPN (GRE tunnel). Machines on one network can ping the other network. There is an ipchains firewall gateway, 10.0.0.5, in the 10.0.0.0 network, with a Squid proxy running on port 3128 on 10.0.0.5.
The route from the 10.* subnet to 192.168.1.* is via 10.0.0.1.
ipchains rules for the 10.* network to access the proxy on 10.0.0.5:
/sbin/ipchains -A input -i eth1 -s 10.0.0.0/255.0.0.0 -d 10.0.0.5 3128 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 10.0.0.5 3128 -d 10.0.0.0/255.0.0.0 ! -y -p tcp -j ACCEPT
The gateway for the 192.168.1.* subnet is 192.168.1.2, and all machines are configured with it.
ipchains rules for the 192.* network to access the proxy on port 3128 of 10.0.0.5:
/sbin/ipchains -A input -i eth1 -s 192.168.1.0/255.255.255.0 -d 10.0.0.5 3128 -p tcp -l -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 10.0.0.5 3128 -d 192.168.1.0/255.255.255.0 ! -y -p tcp -l -j ACCEPT
The problem is that only one machine from that network (let's say machine ABC, IP 192.168.1.1) is able to browse the internet. None of the other machines (192.168.1.3, 192.168.1.4, etc.) are able to browse. If the IP 192.168.1.1 is given to any other machine, that machine is not able to browse. If the ABC machine is given 192.168.1.34, it is able to browse.
One more thing: if I remove the firewall, all machines with appropriate Squid ACLs are able to browse.
My Red Hat Linux is 6.2 (Zoot) and the kernel is 2.2.14-5.0.
How do we solve the problem? The route and reverse route for both networks are working perfectly. All machines in 192.168.1.* are able to ping the gateway 192.168.1.2 and 10.0.0.5 (10.*), and vice versa.
Thanks,
Raghavan.S
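The following is an added example, not part of Raghavan's post: a small Python model of ipchains first-match semantics, run over the four rules exactly as posted. It parses each rule (chain, `-i` interface, `-s`/`-d` address with optional port, `-p`, `-y`/`! -y`, `-l`, `-j`) and evaluates constructed packets against them. It shows two things worth checking on the real box before looking further: every posted rule is bound to `eth1`, so a packet arriving on any other interface never matches and falls through to the chain policy; and the `! -y` output rules accept only non-SYN-opening packets, i.e. Squid's replies, not connections Squid would open from port 3128. The default policy (`DENY`), the tunnel interface name `gre0`, and the client ephemeral port 40000 are assumptions for the example only.

```python
import shlex
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The four ipchains rules exactly as posted in the message above.
POSTED_RULES = """
/sbin/ipchains -A input -i eth1 -s 10.0.0.0/255.0.0.0 -d 10.0.0.5 3128 -p tcp -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 10.0.0.5 3128 -d 10.0.0.0/255.0.0.0 ! -y -p tcp -j ACCEPT
/sbin/ipchains -A input -i eth1 -s 192.168.1.0/255.255.255.0 -d 10.0.0.5 3128 -p tcp -l -j ACCEPT
/sbin/ipchains -A output -i eth1 -s 10.0.0.5 3128 -d 192.168.1.0/255.255.255.0 ! -y -p tcp -l -j ACCEPT
"""

@dataclass(frozen=True)
class Packet:
    chain: str            # "input" or "output"
    iface: str            # interface the packet arrives on / leaves by
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    syn_only: bool = False  # True for a connection-opening SYN (what ipchains -y tests)

@dataclass(frozen=True)
class Rule:
    chain: str
    iface: Optional[str]
    src: ipaddress.IPv4Network
    sport: Optional[int]
    dst: ipaddress.IPv4Network
    dport: Optional[int]
    proto: Optional[str]
    syn: Optional[bool]   # None: don't care; True: -y; False: ! -y
    target: str
    log: bool             # -l

ANY = ipaddress.IPv4Network("0.0.0.0/0")

def _net(spec: str) -> ipaddress.IPv4Network:
    # ipchains accepts addr/dotted-mask, addr/prefix, or a bare host (=/32).
    return ipaddress.IPv4Network(spec, strict=False)

def parse_rule(line: str) -> Rule:
    """Parse one ipchains command line into a Rule (subset of options used in the post)."""
    toks = shlex.split(line)
    chain = iface = proto = target = None
    src = dst = ANY
    sport = dport = None
    syn = None
    log = False
    negate = False
    i = 0
    while i < len(toks):
        t = toks[i]
        if t.endswith("ipchains"):
            i += 1
            continue
        if t == "!":
            negate = True
            i += 1
            continue
        if negate and t != "-y":
            raise ValueError(f"negation of {t} not modelled")
        if t == "-A":
            chain, i = toks[i + 1], i + 2
        elif t == "-i":
            iface, i = toks[i + 1], i + 2
        elif t in ("-s", "-d"):
            net, i = _net(toks[i + 1]), i + 2
            port = None
            if i < len(toks) and toks[i].isdigit():   # optional port after the address
                port, i = int(toks[i]), i + 1
            if t == "-s":
                src, sport = net, port
            else:
                dst, dport = net, port
        elif t == "-p":
            proto, i = toks[i + 1].lower(), i + 2
        elif t == "-j":
            target, i = toks[i + 1], i + 2
        elif t == "-y":
            syn, i = (not negate), i + 1
        elif t == "-l":
            log, i = True, i + 1
        else:
            raise ValueError(f"unsupported token {t!r}")
        negate = False
    if chain is None or target is None:
        raise ValueError("rule needs -A chain and -j target")
    return Rule(chain, iface, src, sport, dst, dport, proto, syn, target, log)

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.chain != pkt.chain:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    if ipaddress.IPv4Address(pkt.src) not in rule.src:
        return False
    if ipaddress.IPv4Address(pkt.dst) not in rule.dst:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.syn is not None and rule.syn != pkt.syn_only:
        return False
    return True

def verdict(rules, pkt: Packet, policy: str = "DENY") -> str:
    """First matching rule wins; otherwise the chain policy (DENY assumed here)."""
    for r in rules:
        if matches(r, pkt):
            return r.target
    return policy

RULES = [parse_rule(l) for l in POSTED_RULES.strip().splitlines()]

def check_client(client_ip: str, iface: str):
    """(request verdict, reply verdict) for a client opening a TCP session to Squid on 10.0.0.5:3128."""
    req = Packet("input", iface, client_ip, "10.0.0.5", 40000, 3128, syn_only=True)
    rep = Packet("output", iface, "10.0.0.5", client_ip, 3128, 40000, syn_only=False)
    return verdict(RULES, req), verdict(RULES, rep)

if __name__ == "__main__":
    for ip, iface in [("192.168.1.3", "eth1"), ("192.168.1.3", "gre0"), ("10.0.0.77", "eth1")]:
        print(ip, iface, check_client(ip, iface))
```

Compare the model's verdict with `ipchains -L -v -n` counters and the `-l` log lines in the kernel log on 10.0.0.5 while a non-working 192.168.1.x host tries to connect: if the logged rule never fires for that host, its packets are not reaching the `eth1` input rule as written.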