Brad Urban [mailto:[EMAIL PROTECTED]] wrote:
> I'm trying to use IP Tables and I'm following the
> Howto guide as carefully as possible. I get as far as pinging the
> server's outside eth0 card from the node, and this works, but I cannot
> ping anything on the outside from the nodes.

This is most likely due to an error in the HOWTO version you are using.
Early versions of the HOWTO indicated the use of a DROP policy on the
FORWARD chain of the filter table. This will not work. I've talked with
the HOWTO author a bit regarding this. He's planning on releasing a new
version sometime soon.

I'm currently debating whether to help update the existing HOWTO or start
from scratch on a new one specifically for IPTABLES. In the meantime, if you
change this to ACCEPT, you will have outbound access. This is, however, very
insecure. I highly suggest the use of my firewall script as it is
significantly more secure than what is presented in the existing HOWTO.

Part of the discussion I've had with the existing HOWTO's author has been in
regard to the strength of the firewall script that he's presenting. I'm aware
that the HOWTO indicates that the script presented is weak. However, it is
my opinion that it is better to start with a denial policy (i.e., setting all
policies to DROP) and then work your way up to allow specific connections.

Jamin W. Collins
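
Added example, not part of the original message and not the author's firewall script: a default-deny ruleset of the kind the last paragraph describes, with every filter policy set to DROP and explicit rules that let the internal nodes out through the masquerading box. eth0 as the outside interface comes from the post; the inside interface (eth1) and subnet (192.168.1.0/24) used in the usage note are assumed values.

```shell
#!/bin/sh
# Added example: emit a default-deny masquerading ruleset in
# iptables-restore format. Nothing is applied until the output is piped
# to iptables-restore. Interface and subnet arguments are assumptions.

masq_ruleset() {
    ext_if=$1; int_if=$2; int_net=$3
    # Refuse empty arguments rather than emit a rule that matches too much.
    if [ -z "$ext_if" ] || [ -z "$int_if" ] || [ -z "$int_net" ]; then
        echo "usage: masq_ruleset EXT_IF INT_IF INT_NET" >&2
        return 1
    fi
    # Filter table: all three policies DROP, then specific allowances.
    # INPUT: loopback, replies to the box's own traffic, ping from inside.
    # OUTPUT: anything the box itself starts (only INVALID is dropped).
    # FORWARD: new connections only from inside to outside; the reverse
    # direction is limited to replies tracked as ESTABLISHED or RELATED.
    # Nat table: rewrite the source of outbound internal traffic.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -s $int_net -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $int_net -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -d $int_net -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $ext_if -s $int_net -j MASQUERADE
COMMIT
EOF
}
```

Load it as root with `masq_ruleset eth0 eth1 192.168.1.0/24 | iptables-restore`; forwarding also requires `/proc/sys/net/ipv4/ip_forward` to be set to 1.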