>Is forwarding called every time a packet tries to leave the network or come
>in from outside? If so shouldn't
>
>"ipfwadm -F -a accept -S $extnet -D $universe",

This is not required. The default route will take care of this.

>"ipfwadm -F -a accept -S $universe -D $extnet"

Do you want ALL traffic from the Internet to only go to the $extnet interface?
If not (masqing won't work, etc.), this is wrong.

>"ipfwadm -F -a -m -S $intnet -D $universe"

This is correct, though you need a "-w ppp0" on this line to specify the
outgoing connection.

>When I set these rules, the fw can ping out but can't make any tcp
>connections,
>and the web server gets "no route to host" if it tries to ping out.

That is a routing issue. In the future, I always recommend that end users
send the output from the following:

    ifconfig
    netstat -rn
    a copy of your firewall rules
    cat /proc/sys/net/ipv4/ip_forward

P.S. Since you have your own Class-C network, I take it that your ISP
has configured all the proper routing on their end to point
your Class-C to your PPP address. No?

--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]