Thanks for that tip, guitarlynn. That wasn't the answer - or I have something else wrong or incomplete - and I still wasn't seeing anything in the log to help. So I added the last line, below, to ipchains.input (I have nothing in ipchains.forward or ipchains.output):
$IPCH -I input -j DENY -p all -s 0/0 -d 224.0.0.10 -i $EXTERN_IF $IPCH -I input -j DENY -p all -s 0/0 -d 255.255.255.255 -i $EXTERN_IF $IPCH -I input -j DENY -p all -s 0/0 -d 224.0.0.0/4 -i $EXTERN_IF $IPCH -A input -s 0/0 -d 0/0 1723 -p tcp -l -j ACCEPT ...and now I see the following in the log... Jun 27 19:45:26 firewall kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.1:1256 130.111.135.159:1723 L=48 S=0x00 I=6602 F=0x4000 T=128 SYN (#34) I haven't read anything indicating that I would need to add entries to a basic Dachstein setup... but wonder if I need to explicitly "ipmasq portfw...." something? And in which file would that go? Thanks very much, Andy >>> guitarlynn >>>> >Try this instead of the UDP port: >EXTERN_TCP_PORTS="130.111.135.159/32_1723" > >> and >> >> EXTERN_PROTO0="47 130.111.135.159/32" > >-- > >~Lynn Avants >aka Guitarlynn > >guitarlynn at users.sourceforge.net >http://leaf.sourceforge.net > >If linux isn't the answer, you've probably got the wrong >question! -- _______________________________________________ Download the free Opera browser at http://www.opera.com/ Free OperaMail at http://www.operamail.com/ Powered by Outblaze ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Bringing you mounds of caffeinated joy. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
