/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
/* ALSO: Don't quote this header. It makes you look lame :-) */
Hi, I'm just wondering about the default policy that I've set in my masq script using ipchains. I used to deny/reject other services which I'm not using and allow only several stations to access some services such as web browsing to reduce network traffic. But when I set the default policy to REJECT all (input/output/forward) the masquerade server doesn't pass any of the services, but when I set the default policy to ACCEPT (input/output), REJECT (forward) the masquerade server works. Can anyone explain to me why? Please help, and thanks to those who will reply.

Sample script:

Client_Lan_Interface="eth1"        # internal LAN
Server_Lan_Interface="eth0"        # Internet connected
mikecarel="192.168.1.67/32"
Client_Lan="192.168.1.0/24"
TEAM3="my.isp.dns.server"
Unpriviledge="1024:65535"          # assumed: not defined in the original post
Any="0.0.0.0/0"                    # assumed: not defined in the original post

/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -P input REJECT     # this works if ACCEPT
/sbin/ipchains -P output REJECT    # this works if ACCEPT
/sbin/ipchains -P forward REJECT

# DNS
/sbin/ipchains -A input -i $Client_Lan_Interface -p tcp -s $Client_Lan $Unpriviledge -d $TEAM3 53 -j ACCEPT
/sbin/ipchains -A output -i $Client_Lan_Interface -p tcp -s $TEAM3 53 -d $Client_Lan $Unpriviledge -j ACCEPT
/sbin/ipchains -A input -i $Client_Lan_Interface -p udp -s $Client_Lan $Unpriviledge -d $TEAM3 53 -j ACCEPT
/sbin/ipchains -A output -i $Client_Lan_Interface -p udp -s $TEAM3 53 -d $Client_Lan $Unpriviledge -j ACCEPT
/sbin/ipchains -A forward -i $Server_Lan_Interface -p tcp -s $Client_Lan $Unpriviledge -d $TEAM3 53 -j MASQ
/sbin/ipchains -A forward -i $Server_Lan_Interface -p udp -s $Client_Lan $Unpriviledge -d $TEAM3 53 -j MASQ

# mikecarel internet access
/sbin/ipchains -A input -i $Client_Lan_Interface -p tcp -s $mikecarel $Unpriviledge -d $Any 80 -j ACCEPT
/sbin/ipchains -A output -i $Client_Lan_Interface -p tcp ! -y -s $Any 80 -d $mikecarel $Unpriviledge -j ACCEPT
/sbin/ipchains -A forward -i $Server_Lan_Interface -p tcp -s $mikecarel $Unpriviledge -d $Any 80 -j MASQ

Regards,
Mike

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
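Added example, not Mike's script and not from the list: a ruleset that keeps REJECT as the default on all three chains and still masquerades DNS and web traffic. On a 2.2 kernel a client packet is checked by the input chain on eth1, masqueraded by the forward chain on eth0, and then checked again by the output chain on eth0, by which point it carries the server's own external address and a source port from the masquerade range 61000:65096; the reply is checked by the input chain on eth0 with that external address as its destination, is demasqueraded, and goes straight to the output chain on eth1 (the forward chain is skipped on the way back). The sample above only has rules for the eth1 side, so with REJECT defaults the two eth0 legs and loopback traffic are refused. The external address 198.51.100.1, the resolver 192.0.2.53, the `masq_service` helper and the DRY_RUN switch are assumptions made up for this example.

```shell
#!/bin/sh
# Added example: complete ipchains ruleset for masquerading with REJECT
# defaults. Addresses are constructed documentation values, not the poster's.
CLIENT_IF="eth1"                 # internal LAN
SERVER_IF="eth0"                 # Internet side
SERVER_IP="198.51.100.1/32"      # the masq box's own external address (assumed)
CLIENT_LAN="192.168.1.0/24"
MIKECAREL="192.168.1.67/32"
DNS="192.0.2.53/32"              # ISP resolver (constructed value)
ANY="0.0.0.0/0"
UNPRIV="1024:65535"              # unprivileged client source ports
MASQ_PORTS="61000:65096"         # ports a 2.2 kernel rewrites masqueraded sources into

# Run ipchains, or only print the command when DRY_RUN=1 (the default when
# ipchains is not installed, so the ruleset can be reviewed on any host).
: "${DRY_RUN:=$( [ -x /sbin/ipchains ] && echo 0 || echo 1 )}"
ipc() {
    if [ "$DRY_RUN" = 1 ]; then echo "/sbin/ipchains $*"; else /sbin/ipchains "$@"; fi
}

# Rules for one masqueraded service: $1=proto $2=client source $3=remote $4=port.
# Outbound: input on CLIENT_IF -> forward on SERVER_IF (MASQ) -> output on SERVER_IF.
# Reply:    input on SERVER_IF -> demasquerade -> output on CLIENT_IF.
masq_service() {
    proto=$1; src=$2; dst=$3; port=$4
    nosyn=""
    # for TCP, only non-SYN replies are let back in; new connections from outside are not
    [ "$proto" = tcp ] && nosyn="! -y"
    # outbound, before masquerading: client -> remote
    ipc -A input   -i "$CLIENT_IF" -p "$proto" -s "$src" "$UNPRIV" -d "$dst" "$port" -j ACCEPT
    ipc -A forward -i "$SERVER_IF" -p "$proto" -s "$src" "$UNPRIV" -d "$dst" "$port" -j MASQ
    # outbound, after masquerading: the server's external address is now the source
    ipc -A output  -i "$SERVER_IF" -p "$proto" -s "$SERVER_IP" "$MASQ_PORTS" -d "$dst" "$port" -j ACCEPT
    # reply, before demasquerading: addressed to the server's external address
    ipc -A input   -i "$SERVER_IF" -p "$proto" $nosyn -s "$dst" "$port" -d "$SERVER_IP" "$MASQ_PORTS" -j ACCEPT
    # reply, after demasquerading: back to the client on the internal interface
    ipc -A output  -i "$CLIENT_IF" -p "$proto" $nosyn -s "$dst" "$port" -d "$src" "$UNPRIV" -j ACCEPT
}

masq_rules() {
    ipc -F input; ipc -F output; ipc -F forward
    ipc -P input REJECT; ipc -P output REJECT; ipc -P forward REJECT
    # local processes talk to the box over lo; rejecting that breaks the resolver and more
    ipc -A input  -i lo -j ACCEPT
    ipc -A output -i lo -j ACCEPT
    masq_service udp "$CLIENT_LAN" "$DNS" 53
    masq_service tcp "$CLIENT_LAN" "$DNS" 53
    masq_service tcp "$MIKECAREL" "$ANY" 80
}

masq_rules
```

With DRY_RUN=1 the script prints the 25 ipchains commands it would issue, which is the form to read before loading it on the gateway; each service produces five rules, and the two on eth0 are the ones the original sample lacks.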
