Dave

        Bingo! I used these chains

        /sbin/ipchains -P input ACCEPT
        /sbin/ipchains -P output ACCEPT
        /sbin/ipchains -P forward DENY
        /sbin/ipchains -A forward -i ppp0 -j MASQ
        echo 1 > /proc/sys/net/ipv4/ip_forward   

[root@nubble rc.d]% /sbin/ipchains -n -L
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  0.0.0.0/0            0.0.0.0/0             n/a
Chain output (policy ACCEPT):
[root@nubble rc.d]%

The basic Rusty's
And now both nubble (the router) and the win98box on the network can
connect to the internet.

Thanks a bunch.
Now if I can just refine from there to block out the bad guys.

But the dang route -n command still reports the same, of course. But I
keep thinking I need a routing gateway?
Oh well

Thanks again................. Jim H..

Dave Delage wrote:
> 
> Jim,
> 
> Ok, now first this disclaimer:  I don't claim to be an ipchains expert.
> 
> With that out of the way, here's where I think the problem is:
> > Chain input (policy DENY):
> > target     prot opt     source                destination           ports
> > ACCEPT     all  ------  192.168.0.0/24       0.0.0.0/0             n/a
> > ACCEPT     all  ------  127.0.0.1            0.0.0.0/0             n/a
> Your default policy for input is DENY, and then you open it up to
> traffic from your local network and from the loopback.  If I understand
> ipchains correctly, you are not allowing any traffic from your ISP (or
> the internet at large) to get through the chains.
> 
> I was banging my head against the wall trying to figure out my setup,
> and once I used Rusty's Three-Line magic, it all worked okay.  If you're
> worried about security, then you should probably take a look at
> /etc/inetd.conf and comment out the services you aren't using.  The way
> I understand it is that if you don't have a service defined for a
> particular port, then the packet gets dropped on the floor.
> 
> -Dave

-- 
 
 ,''',''',  
',''',''','
      ___
    _/___\_
    _|_O_|_
     /   \
   _/     \_
  |         |
^^^^^^^^^^^^^^^^^^^^
  www.light-by-the-sea.com
   vp in charge of technical screw ups                         
 
Jim H.

Mailed with Netscape 4.7 on RedHat Linux 6.1
 2000 years ago the Egyptians treated cats as Gods.
 They never got over it.
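
An added illustration, not part of either message: a small Python model of first-match chain evaluation, applied to the two input chains listed in this thread. It matches on source address only, as the listed rules do; the sample packet addresses are constructed.

```python
import ipaddress

def verdict(chain, src):
    """First rule whose source network contains src wins; otherwise the policy applies."""
    addr = ipaddress.ip_address(src)
    for target, source_net in chain["rules"]:
        if addr in ipaddress.ip_network(source_net):
            return target
    return chain["policy"]

# Input chain quoted in Dave's reply: policy DENY, two source-based ACCEPT rules.
INPUT_QUOTED = {
    "policy": "DENY",
    "rules": [("ACCEPT", "192.168.0.0/24"), ("ACCEPT", "127.0.0.1/32")],
}
# Input chain from the listing at the top of the message: policy ACCEPT, no rules.
INPUT_OPEN = {"policy": "ACCEPT", "rules": []}

# Constructed sample packets (label -> source address). 203.0.113.10 is a
# documentation address standing in for any host reached through ppp0.
PACKETS = {
    "win98box on the LAN": "192.168.0.2",
    "loopback": "127.0.0.1",
    "internet host via ppp0": "203.0.113.10",
}

def verdicts(chain):
    """Evaluate every sample packet against one chain."""
    return {label: verdict(chain, src) for label, src in PACKETS.items()}

if __name__ == "__main__":
    for name, chain in (("quoted input chain (policy DENY)", INPUT_QUOTED),
                        ("current input chain (policy ACCEPT)", INPUT_OPEN)):
        print(name)
        for label, result in verdicts(chain).items():
            print(f"  {label:24} {result}")
```

Because these rules look only at the source address, the quoted chain denies the internet host's packets whether they are replies or new connections, and the open chain accepts both, which is where the advice about trimming /etc/inetd.conf comes in.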
