>Well, as you might guess, this is another newbie who is trying to set
>up your basic gateway/firewall, and has
Hehe, we have all been there sometime.
>1) spent a week reading the HOWTOs and TFM pages, to no avail.
Good thing to read the HOWTO, I learned a lot from it, back when I read
it.
>2) dug around in the archive, also to no avail.
Hmm, I bet it's there, just a little hard to find.
>Here's the output of "sh -x rc.firewall" that works:
>
>+ /sbin/depmod -a
>+ /sbin/modprobe ip_masq_ftp
>+ echo 1
>+ echo 1
>+ echo 1
>+ /sbin/ipchains -F input
>+ /sbin/ipchains -F output
>+ /sbin/ipchains -F forward
>+ /sbin/ipchains -M -S 7200 10 160
>+ /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
>+ /sbin/ipchains -P forward MASQ
>+ /sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
>
>That next-to-last line had been as recommended by the HOWTO:
>
>+ /sbin/ipchains -P forward DENY
>
>This utterly fails, and blocks all traffic from the internal network
>to the Internet.
Yep, of course it does.. That's what it does...
But remember to put it before the rest of your rules, else it will just
"overwrite" the other rules.
Just put that line before your other ipchains lines.
One thing I don't get is why you have made these two lines?
>+ /sbin/ipchains -F input
>+ /sbin/ipchains -F output
They flush the chains, right? But why do you type input and output also?
Isn't needed, I just have '/sbin/ipchains -F' that works just fine.
Elector - MVS