On Sat, Nov 20, 1999 at 04:59:12PM +0100, Ralf G. R. Bergs wrote: > I've a machine with two NIC acting as a router/NAT host. Masquerading works > fine for the LAN machines, and access from outside is limited to the > firewall machine. I want a couple of machines NOT to be masqueraded so that > I can ftp or log into them from outside. > > Which ipchains rules do I have to add to make this work? I have tried to > insert a rule above the standard rule in M70masq like this, but to no avail: > > $IPCHAINS -A forward -j ACCEPT -i $j -s fileserver/32 -b > > # Masquerade remaining hosts > $IPCHAINS -A forward -j MASQ -i $j -s $IPOFIF/$NMOFIF
are the other input/output rules blocking your fileserver ip ? theres an ipchains "-C" option that lets you specify a packets (as if it were a rule, ie: -s ip -d ip -p proto, etc) and it will check it against the rules and tell you what happens to it. -- - Gus
