I have ipchains working, but my workstations cannot get out to the internet because of a DNS problem. (When I try to ping any host from the workstations I get the message Host not found.)
I have kernel 2.2.12, running IP MASQ and ipchains. /etc/init.d/network on the server looks like this: -------------------------------------------------- ifconfig lo 127.0.0.1 route add -net 127.0.0.0 netmask 255.0.0.0 dev lo ifconfig eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 up route add -net 192.168.1.0 dev eth0 echo "1" > /proc/sys/net/ipv4/ip_forward ifchains -P forward DENY ipchains -A forward -s 192.168.1.0/24 -j MASQ -------------------------------------------------- on the workstation: -------------------------------------------------- ifconfig lo 127.0.0.1 route add -net 127.0.0.0 netmask 255.0.0.0 dev lo ifconfig eth0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255 up route add -net 192.168.1.0 dev eth0 route add default gw 192.168.1.1 -------------------------------------------------- resolv.conf on both machines just has two lines, one for each of the nameservers my ISP uses. Issuing the command # ipmasq -d from the server gives the following output: -------------------------------------------------- /sbin/ipchains -P input DENY /sbin/ipchains -P output DENY /sbin/ipchains -P forward DENY /sbin/ipchains -F input /sbin/ipchains -F output /sbin/ipchains -F forward /sbin/ipchains -A input -j ACCEPT -i lo /sbin/ipchains -A input -j ACCEPT -i eth0 -s 192.168.1.1/255.255.255.0 /sbin/ipchains -A input -j ACCEPT -i ppp0 -d 206.11.2.183/32 /sbin/ipchains -A input -j DENY -i ppp0 -s 192.168.1.1/255.255.255.0 -l /sbin/ipchains -A forward -j MASQ -i ppp0 -s 192.168.1.1/255.255.255.0 /sbin/ipchains -A output -j ACCEPT -i lo /sbin/ipchains -A output -j ACCEPT -i eth0 -d 192.168.1.1/255.255.255.0 /sbin/ipchains -A output -j ACCEPT -i ppp0 -s 206.11.2.183/255.255.255.255 /sbin/ipchains -A output -j DENY -i ppp0 -d 192.168.1.1/255.255.255.0 -l -------------------------------------------------- I can ping anything from the server, but not from the workstations. What am I doing wrong? Steven C. Martin