At 12:28 PM 6/27/01 +0700, Abu H R wrote: >how can i disable ip forwading
echo "0" /proc/sys/net/ipv4/ip_forward and what's the benefit if i enable or disable >ip forwarding It affects whether the firewall will route or not. If you do NOT enable IP forwarding, ONLY proxy'd traffic can go through the firewall. (In fact, in this situation, even calling the host a firewall is a stretch; it's really JUST a proxy server.) >OR how can i change the forward chain Change it by using the ipchains command appropriately. For general guidance about using this command, turn to its man page or the Firewalling HowTo and the Ipchains HowTo (at, for example, www.linuxdoc.org). >now my network have an abuser accessing to something like >[xxxxxxxxxxx.rr.com with port 1214 in outer side and one of the port from >1024-65535 in intra side]. Even i block the port 1214 using http_access at >squid, he still be able to use it This description isn't really clear, but it sounds like he is simply bypassing Squid and routing directly. The place to address this is either by turning off IP forwarding -OR- modifying your ipchains ruleset (probably the input chain, not the forward chain) but you've told us WAY too little about your setup to get good, specific advice here. >----- Original Message ----- >From: "Michael Wood" <[EMAIL PROTECTED]> >To: <[email protected]> >Sent: Tuesday, June 26, 2001 7:00 PM >Subject: Re: access to icq > > >This may be so, but he will still have to disable IP forwarding >or add some rules to his forward chain to stop people using the >old ICQ protocol an bypassing Squid altogether. -- ------------------------------------"Never tell me the odds!"--- Ray Olszewski -- Han Solo Palo Alto, CA [EMAIL PROTECTED] ----------------------------------------------------------------
