Being listed under policy DENY doesn't really mean anything; it just means
that anything that *isn't* specified will be denied.  That which you MASQ
will still be masqueraded.

Also, it cannot simultaneously be true that:

a) You have NO access from a workstation, and
b) You can ping the linux box from a workstation.

If your firewall were stopping you, you would not even be able to ping.

Most likely you simply don't have the services you are trying to access
doing on the Linux boxes, which is a question independent of the
firewall itself.

"Darcy Brodie, CJL" wrote:
> 
> I am trying to configure a linux box to be a firewall / masquerading
> machine for access to the internet through a cable modem.  eth0 is the
> external nic card (ip supplied by isp via dhcp), and eth1 is the
> internal network (using the 192.168.1.0 class C group).  These are
> communicating properly.
>     I have the firewall configured as follows
> 
> echo "1" >/proc/sys/net/ipv4/ip_forward
> # clear all rules and start fresh
> /sbin/ipchains -F
> /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
> # this prevents ICQ Time out problems
> /sbin/ipchains -M -S 7200 10 160
> 
> When I run the rc.firewall program, I get no errors.  However, when I
> list the ipchains (ipchains -L), all of the above rules are listed under
> the policy DENY, and I have NO access from a workstation (although I can
> 1-ping both the internal and external networks from the linux box, and
> 2- ping the linux box from any of the workstations)
> 
> Suggestions ??

-- 
"Brian, the man from babble-on"              [EMAIL PROTECTED]
Brian T. Schellenberger                      http://www.babbleon.org
Support http://www.eff.org.                  Support decss defendants.
Support http://www.programming-freedom.org.  Boycott amazon.com.
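
An added illustration, not part of either message: a small Python model of how an ipchains chain is traversed (the first matching rule decides, and the policy applies only when nothing matches), using the forward chain from the quoted script. The `Chain` and `Rule` classes are hypothetical names for this sketch, only source-address matching is modelled, and the forward policy is assumed to have been DENY before the script ran.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    source: str  # source network in CIDR form, as given to -s
    target: str  # jump target given to -j, e.g. MASQ


class Chain:
    """Hypothetical model of one ipchains chain (source matching only)."""

    def __init__(self, name, policy):
        self.name = name
        self.policy = policy  # default verdict, set with -P
        self.rules = []

    def flush(self):
        # Like `ipchains -F`: removes the rules, leaves the policy as it was.
        self.rules.clear()

    def append(self, rule):
        # Like `ipchains -A`: add the rule to the end of the chain.
        self.rules.append(rule)

    def decide(self, src_ip):
        # Rules are checked in order; the first match decides.
        addr = ipaddress.ip_address(src_ip)
        for rule in self.rules:
            if addr in ipaddress.ip_network(rule.source):
                return rule.target
        # Nothing matched: fall through to the chain policy.
        return self.policy


def build_forward_chain():
    # Assumption: the forward policy was already DENY before the script ran.
    forward = Chain("forward", policy="DENY")
    forward.flush()
    forward.append(Rule("192.168.1.0/24", "MASQ"))
    return forward


if __name__ == "__main__":
    chain = build_forward_chain()
    for src in ("192.168.1.10", "10.0.0.5"):  # constructed sample addresses
        print(f"{src} -> {chain.decide(src)}")
```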
