Here is a patch for /etc/ipfilter.conf [DCD, v1.0.2], the need for which
I discovered while researching my multiple external interface challenge:

# diff -bu ipfilter.conf ipfilter.conf.OLD
--- ipfilter.conf       Mon May  6 16:30:20 2002
+++ ipfilter.conf.OLD   Mon May  6 16:10:14 2002
@@ -171,11 +171,8 @@
   local DST_PORT=${5:-$3}

        # For internal connections
-       for NET in $INTERN_NET; do
                $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \
-                  -d $NET -i $INTERN_IF
-###               -d $INTERN_NET -i $INTERN_IF
-       done; unset NET
+    -d $INTERN_NET -i $INTERN_IF

   if [ "$OUTBOUND_ALL" != "YES" ]; then

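Review bot: The direction of this diff is reversed, so the `-` lines in this hunk (the `for NET in $INTERN_NET; do` loop and its `done; unset NET`) are the new code and the `+` line is the old one. The command was `diff -bu ipfilter.conf ipfilter.conf.OLD`, and the headers show the 16:30:20 file as `---` and the 16:10:14 `.OLD` file as `+++`, so patch will treat the loop as text to remove rather than add. Regenerate with the old file first (`diff -bu ipfilter.conf.OLD ipfilter.conf`). The commented-out `### -d $INTERN_NET -i $INTERN_IF` line inside the loop can also be dropped, since the diff itself records the previous form.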
@@ -774,14 +771,7 @@
        walk_list DMZ_SERVER $INIT_INDEX port_forward

        # Masquerade internal network to DMZ network
-       for NET in $INTERN_NET; do
-###            $IPCH -A forward -j MASQ -p all -s $INTERN_NET -d
$DMZ_NET -i $DMZ_IF
-               $IPCH -A forward -j MASQ -p all -s $NET -d $DMZ_NET -i
$DMZ_IF
-       done; unset NET
-       $IPCH -A forward -j MASQ -p all -s $net -d $DMZ_NET -i $DMZ_IF
-
-       done
-       unset net
+       $IPCH -A forward -j MASQ -p all -s $INTERN_NET -d $DMZ_NET -i
$DMZ_IF

        if [ "$DMZ_OUTBOUND_ALL" = "YES" ]; then

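Review bot: On the loop side of this hunk, the lines after `done; unset NET` look like leftovers from an earlier draft: a second `$IPCH -A forward -j MASQ -p all -s $net -d $DMZ_NET -i $DMZ_IF` using lowercase `$net`, which nothing in the visible lines sets, followed by a `done` with no matching `for` and an `unset net`. The unmatched `done` is a shell syntax error, so the script would fail to parse at this point. Remove those lines and keep only the `for NET in $INTERN_NET` loop, and drop the commented-out `###` rule as well.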
@@ -800,7 +790,6 @@
        -o "$MASQ_SWITCH" = "yes" ]; then
        for NET in $INTERN_NET; do
                $IPCH -A forward -j MASQ -p all -s $NET -d 0/0 -i
$EXTERN_IF
-
        done; unset NET
 fi


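Review bot: The only change in this hunk is a blank line before `done; unset NET` inside the existing `for NET in $INTERN_NET` loop, which is whitespace noise unrelated to the fix; drop it so the patch touches only the two masquerade rules. The context line ending `-d 0/0 -i` has also been split from `$EXTERN_IF` by line wrapping in the mail, as have the `$DMZ_IF` lines in the previous hunk, so the patch will not apply as posted. Resend it as an attachment or with wrapping disabled.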
-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
