Re: [expert] IP MAsq / IP Chains problems on mandrake 7

Wed, 21 Jun 2000 21:43:43 -0700 


Perhaps your firewall is working as expected but your hosts.allow and
hosts.deny rules are denying any access?

Mine look like (pretty much) like this:

# cat /etc/hosts.deny
# 
# Mandrake-Security : if you remove this comment, remove the next line
too.
ALL:ALL EXCEPT LOCAL:DENY

# cat /etc/hosts.allow
# 
ALL:192.168.101.:ALLOW

You'd use whatever you use for your local subnet above.


Darcy Brodie wrote:
> 
> Hello
> 
>     i am still having trouble with this Mandrake setup.
> I am attempting to setup IP Masqurading through IP Chains .
> I have had this configuration previously running on a RH 5 box, and decided
> to upgrade.
> 
> I have used the PMFirewall program to create the firewall and
> masqurading rules.  From the Linux box, I can ping both the internal
> network and the internet. However, from a workstation running win98, I
> can only ping the linux box.  When I attempt to ping the intetnet, I get
> the following (thanks to tcpdump)
> 
> 13:05:47.551865   192.168.67.20 > 220867-db: icmp: 192.168.67.20 udp
> port unreachable [tos 0xc0]
> 
> I have have removed all of the pmfirewall rules and tried a very basic
> ip chains rules as follows
> 
> echo "1" > /proc/sys/net/ipv4/ip_forward
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.67.0/24 -j MASQ
> 
> i realize that this is probablu the simplst ip masq rules that can be
> set, but I still get the same message in tcpdump
> 
> I am using 2 network cards, 1 connected directly to my cable modem
> (which gets it's ip via dhcp)  This is eth0
> The second one is connected to my local network with a static ip of
> 192.168.67.20
>     The win98 workstation has a static ip of 192.168.67.2
>     On the linux box, the DNS server is pointing to the DNS server from
> my ISP
>     The default gateway is also pointing to my ISP's gateway
>         The above settings are exactly the same as what I was running on
> the RH5 box, but I was using ipfwadm for my rules
> 
> Darcy

-- 
"Brian, the man from babble-on"              [EMAIL PROTECTED]
Brian T. Schellenberger                      http://www.babbleon.org
Support http://www.eff.org.                  Support decss defendents.
Support http://www.programming-freedom.org.  Boycott amazon.com.

Reply via email to