Rob Browning writes: > Is there any reason that msquerading wouldn't work right using the > current (unstable) debian packages?
No! I've set up a firewall with it and it works fine. > I set up the host (the one actually connected to the internet via ppp) > with the following network related commands (in addition to a ppp > defaultroute): > ... > ipfwadm -F -p deny > ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0 I think you have to use the external device here. Please try with the check option of ipfwadm. > ifconfig eth0 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255 > route add -net 192.168.1.0 netmask 255.255.255.0 > route add default gw 192.168.1.1 metric 1 > > This doesn't work. I can ping the host from the client, and the > host can reach the internet via it's pppd defaultroute, but the client > cannot reach the internet, so the host is not forwarding the > masqueraded packets. You could add a command after the above ones on the host to make it log the denied packages: ipfwadm -F -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o Michael -- Michael Meskes, Projekt-Manager | [EMAIL PROTECTED], [EMAIL PROTECTED] topsystem Systemhaus GmbH | Tel: (+49) 2405/4670-44 Europark A2, Adenauerstr. 20 | Fax: (+49) 2405/4670-10 52146 Wuerselen | Go SF 49ers! Use Debian GNU/Linux! -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]