I have set up Ipchains modeled after the example in the IPChains HOWTO with a few variations. I have set up my caching DNS server in the DMZ net. The DMZ net is MASQ from the firewall.

New problem: Access to ftp sites not allowed, from Netscape Browser or from ftp command line.

Partial solution: (help needed)
The following has allowed command line ftp access
  - ipchains -A good-bad -p tcp --dport ftp-data -j MASQ
I still cannot access ftp site from Netscape browser (help please)

1st problem: Everything from within my private network seems to work as expected except while using Netscape to browse a site that requires password entry. Then I get a "TCP Error: no route to host" error message from Netscape.

Solution: access to secure sites
  - add "https 443/tcp" to /etc/services
  - ipchains -A good-bad -p tcp --dport https -j MASQ
Solution provided by: Ron Watkins from post dated 8/19/99 Re: Secure Web Site access

2nd problem: Diald won't connect when attempt is made to connect to the outside from my inside private network. I have to make the attempt from my firewall machine to establish a connection. Once connected my private network works fine.

Solution: Allow packets to reach and activate diald (monitoring on sl0 interface)
  ipchains -A forward -s 192.168.120.0/24 -i sl0 -j dmz-bad
  ipchains -A forward -s 192.168.100.0/24 -i sl0 -j good-bad
Solution provided by: John Hardin
