Problems with iptables

[dan]

Ing. Rafhael Almeida wrote:
> I have a FC3 and use with a box iptables==>NAT==>squid for a office LAN,
> and i have a problem with my iptables firewall, after 5 or 6 hours of use,
> the internet service stop in my local network.
> I use one script when fedora starting in order to assign rules to my
> firewall, i check the /var/log/message and this is:
> 
> ****************
> audit(1115149131.424:0): avc:  denied  { search } for  pid=2422
> exe=/usr/sbin/squid name=home dev=dm-0 ino=4423681
> scontext=user_u:system_r:squid_t tcontext=system_u:object_r:home_root_t
> tclass=dir
> May  3 14:38:51 proxyserver kernel: audit(1115149131.424:0): avc:  denied
>  { dac_override } for  pid=2422 exe=/usr/sbin/squid capability=1
> scontext=user_u:system_r:squid_t tcontext=user_u:system_r:squid_t
> tclass=capability
> May  3 14:38:51 proxyserver kernel: audit(1115149131.474:0): avc:  denied
>  { read } for  pid=2422 exe=/usr/sbin/squid name=ipsmanana.conf dev=dm-0
> ino=4423769 scontext=user_u:system_r:squid_t
> tcontext=root:object_r:user_home_t tclass=file
> May  3 14:38:51 proxyserver kernel: audit(1115149131.474:0): avc:  denied
>  { getattr } for  pid=2422 exe=/usr/sbin/squid
> path=/home/ralmeida/ipsmanana.conf dev=dm-0 ino=4423769
> scontext=user_u:system_r:squid_t tcontext=root:object_r:user_home_t
> tclass=file
> **************
> 
> When executing script is executed correctly, and test with iptables -L -n
> and it's ok, that it can be happening, please helpme
> Thank you
> 
> PD: Box= PIV 2.4, 1 Gb, 2 HD 40 Gb, mainboard intel, FC3, Squid 2.5 stable 6
> 
> 
> 

Please do *not* send an email to the list in reply to a subject that has 
nothing to do with your issue.  Create a new email.

Does this issue go away if you are to disable SELinux?  Have you made 
any attempt to modify your SELinux policy?

Thanks
-dant