On Tue, 8 Jan 2002, Charles Steinkuehler wrote:
> > Folks, I'm still confused about the internal routing on a Dachstein FW
> > with 2 internal interfaces. I simply want to route between eth1 & eth2
> > freely while MASQ'ing both to the outside world. I do not want one to be a
> > DMZ - they are both peer legs to the network.

<..snip..> (Charles's response)

> if both nets are allowed to see the internet. To allow the interfaces to
> talk to each other, you need something like the following in
> /etc/ipchains.forward:
>
> $IPCH -A forward -j ALLOW -s 172.16.40.0/24 -d 172.16.50.0/24 -b
>
> Charles Steinkuehler

Thanks Charles. It is now working but I couldn't get it to work as stated.
I'm not sure what was not right and it could very well be with my lack of
understanding. What I had to put in was:

$IPCH -A forward -j ACCEPT -s 172.16.40.0/255.255.255.0 -d 172.16.50.0/255.255.255.0 -b

The "ALLOW" told me "ipchains: No target by that name". ACCEPT worked based
on the default D-CD v1.0.2. Where does this ALLOW target come from? I'm
pretty fuzzy on the whole "target" issue.

Secondly, the mask specified as /24 didn't appear to work, but as
255.255.255.0, which should resolve to the same thing, worked fine. I never
did try to troubleshoot this aspect because I was just happy I had
accomplished this much before retiring for the night.

BTW: Thanks again for the excellent work you and other contributors have put
forth for the greater good. My personal wish list, and if time permits I
would like to assist, is to include ez-ipupdate and auto-update from the
dhcp scripts when the lease renegotiates.

--
David B. Cook, <[EMAIL PROTECTED]>
The only "Windows" this software came close to had an "X" in front of it.

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
