Jeff Garzik <[EMAIL PROTECTED]> wrote:
>
> IP firewall forward rules, default policy: deny
> type  prot source        destination   ports
> acc   all  10.0.1.0/24   10.0.2.0/24   n/a
> acc/m all  10.0.1.0/24   anywhere      n/a

Is that first rule a bidirectional rule ("-b" flag)? If not, then it
means that returning traffic, attempting to come from 10.0.2 back to
10.0.1, is being denied.

This sort of bi-directional rule is not needed when setting up masq,
because the de-masq process by-passes the forwarding rule check on
return traffic. But standard forwarded packets must pass the forward
ruleset before they can be permitted.

Likewise the other router box should have a bidirectional accept rule,
too.

--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
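
Added example, not part of the original message or of any ipfwadm code: a simplified Python model of first-match forward-rule evaluation with a default policy of deny, showing why the reply path between the two subnets is dropped without "-b" while de-masqueraded return traffic is not. It assumes the first listed rule was added without "-b"; the class and function names, the sample addresses and the `demasq_flows` set are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANYWHERE = "0.0.0.0/0"  # what the listing prints as "anywhere"


@dataclass(frozen=True)
class Rule:
    action: str                  # "acc" or "acc/m", as shown in the listing
    src: str
    dst: str
    bidirectional: bool = False  # models the "-b" flag

    def matches(self, src, dst):
        s, d = ip_address(src), ip_address(dst)
        fwd = s in ip_network(self.src) and d in ip_network(self.dst)
        rev = s in ip_network(self.dst) and d in ip_network(self.src)
        return fwd or (self.bidirectional and rev)


def forward_verdict(rules, src, dst, demasq_flows=frozenset(), policy="deny"):
    """Return the action applied to a packet being forwarded src -> dst."""
    # Simplification: replies to a masqueraded connection are rewritten by
    # the de-masq step and never consult the forward ruleset.
    if (src, dst) in demasq_flows:
        return "acc (de-masq)"
    for rule in rules:           # first matching rule wins
        if rule.matches(src, dst):
            return rule.action
    return policy                # nothing matched: default policy applies


# The posted ruleset, assuming rule 1 is one-directional.
AS_POSTED = [
    Rule("acc", "10.0.1.0/24", "10.0.2.0/24"),
    Rule("acc/m", "10.0.1.0/24", ANYWHERE),
]
# The same ruleset with rule 1 made bidirectional.
WITH_B = [
    Rule("acc", "10.0.1.0/24", "10.0.2.0/24", bidirectional=True),
    Rule("acc/m", "10.0.1.0/24", ANYWHERE),
]

if __name__ == "__main__":
    # Constructed sample packets: (source, destination)
    for name, rules in (("as posted", AS_POSTED), ("with -b", WITH_B)):
        for src, dst in (("10.0.1.5", "10.0.2.7"), ("10.0.2.7", "10.0.1.5")):
            print(f"{name:10} {src} -> {dst}: {forward_verdict(rules, src, dst)}")
```
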