/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
I am setting up IP masquerading with ipchains 1.3.9 on a 2.2.12
kernel. I successfully implemented the weak IP Masquerading example ruleset
as illustrated in the IP Masquerading howto. However, when I try to switch
from the weak to the strong ruleset (as indicated in the howto), masquerading
breaks. By breaking, I mean that when I try to ping an address on the external
network from a masqued machine or from the masq server, the operation is prohibited.
I get the same results with the trinity ruleset. I have narrowed down the
cause of the problem to these three lines in the ruleset.

intnet="10.0.0.0/0"
extint="eth0"
# remote interface, claiming to be local machines, IP spoofing, get lost
ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT
# outgoing to local net on remote interface, stuffed routing, deny
ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -l -j REJECT
# outgoing from local net on remote interface, stuffed masquerading, deny
ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT

Looking at the ruleset, I think I would like the protection that these
rules provide if possible. Any ideas as to what I might be doing wrong? I
think somehow this rule is treating the allowable IP traffic as if it is
spoofed traffic.
Thank you
Scott Brause
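
Added example, not part of the original post: a small Python model of how the -i/-s/-d selectors of the three quoted rules match packets, evaluated once with intnet as posted and once with 10.0.0.0/8. The /8 value, the packet addresses and all function names are assumptions made for illustration; a mask length of 0 matches every address.

```python
import ipaddress

ANY = "0.0.0.0/0"

def in_net(addr, net):
    # strict=False masks off host bits, so "10.0.0.0/0" becomes 0.0.0.0/0,
    # i.e. a zero-length mask that matches every address.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def build_rules(intnet, extint="eth0"):
    # (chain, interface, source, destination) of the three quoted REJECT rules.
    return [
        ("input", extint, intnet, ANY),
        ("output", extint, ANY, intnet),
        ("output", extint, intnet, ANY),
    ]

def verdict(rules, chain, iface, src, dst):
    # First matching rule wins, as in a chain walk; all three rules REJECT.
    for num, (r_chain, r_if, r_src, r_dst) in enumerate(rules, 1):
        if (chain, iface) == (r_chain, r_if) and in_net(src, r_src) and in_net(dst, r_dst):
            return f"REJECT by rule {num}"
    return "no match"

# Constructed packets as seen on eth0: 203.0.113.5 stands in for the masq
# server's external address, 198.51.100.7 for a host on the external network.
PACKETS = {
    "echo request out": ("output", "eth0", "203.0.113.5", "198.51.100.7"),
    "echo reply in": ("input", "eth0", "198.51.100.7", "203.0.113.5"),
    "spoofed 10.x in": ("input", "eth0", "10.0.0.9", "203.0.113.5"),
}

def evaluate(intnet):
    rules = build_rules(intnet)
    return {name: verdict(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for intnet in ("10.0.0.0/0", "10.0.0.0/8"):  # as posted, then assumed /8
        print(intnet)
        for name, result in evaluate(intnet).items():
            print(f"  {name:18} {result}")
```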