/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Craig Williams wrote:
> raf,
>
> Yes, sorry - this has been done and works fine as my internal machines can
> access the internet.
>
> Craig
>
> > a prerequisite for portfw is masquerading in the other
> > (outward) direction.
> > i think this is only mentioned in the ipmasqadm manpage but i
> > could be wrong.
> > have you done this?
> > i.e.
> > ipchains -P forward DENY
> > ipchains -A forward -s 192.168.1.X/32 -j MASQ
> >
> > (replace the /32 with /24 or something if you want internal hosts
> > on that lan masqueraded for outgoing connections).
hmm, should work, then :) are you sure that you have an ipchains
that allows incoming http connections and outgoing reply packets?
another possibility is that you are testing this from inside the
network. if so, it won't work without michael best's masq-demasq
kernel patch. portfw only works for externally initiated connections.
could this be it? if it's not, i'm out of ideas. if it is, go to
http://fwup.org/ and download the package there and unpack it.
it contains a patches directory which contains the masq-demasq patch.
raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
