You need to 'ipfwadm -F -p deny' first to set a default policy. Then
you can 'ipfwadm -F -a ...' to append forwarding rules to the default
policy. Re-read the last sentence you quoted below.

On 11 Jun 98 at 17:01, Bill Eldridge wrote:

>From the man page:
>
>         These  rules regulate the acceptance of incoming IP
>              local  network  interfaces  are checked against the
>              input firewall rules.  The first rule that  matches
>              with a packet determines the policy to use and will
>              also cause the rule's packet and byte counters being
>              adapted.   When  no  matching  rule  is  found, the
>              default policy for the input firewall is used.
>
>
>If you deny everything first, then any packet will match
>that denial, and be rejected.  (which is the same way
>Ciscos do it).  Unless I'm horribly confused.
>--
>Bill Eldridge
>Radio Free Asia
>[EMAIL PROTECTED]
>
>-----Original Message-----
>From: Joachim Feise <[EMAIL PROTECTED]>
>To: Bill Eldridge <[EMAIL PROTECTED]>
>Cc: Steve Helder <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>Date: Thursday, June 11, 1998 4:54 PM
>Subject: Re: [masq] [masq] IP - masquerade setup problems
>
>
>>Bill Eldridge wrote:
>>
>>>   Order matters, so if you deny everything first, then the rules never
>>>   meet the allow clauses later.  As my first guess.--
>>
>>That is not quite right, actually, it is wrong.
>>For security reasons, you always should deny everything first, and
>>subsequently allow things like forwarding.
>>Did you enable forwarding in the proc fs? Try adding this line to your rc
>>script:
>>echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>>Oh, and please don't send HTML-formatted messages. ASCII is preferred (I
>>hope I didn't copy the tags over when I copied the text).
>>
>>-Joe
>>
>>>  Bill Eldridge
>>>  Radio Free Asia
>>>  [EMAIL PROTECTED]
>>>
>>>        -----Original Message-----
>>>        From: Steve Helder <[EMAIL PROTECTED]>
>>>        To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>>>        Date: Thursday, June 11, 1998 2:36 PM
>>>        Subject: [masq] IP - masquerade setup problems
>>>
>>>        I am attempting to use IP-Masquerading on a newly
>>>        installed Redhat 5.1 Linux box.  I am connected to my ISP using
>>>        PPP and can ping the nameservers from Linux.  I have followed
>>>        the instructions in the Linux IP Masquerade mini HOWTO by
>>>        Ambrose Au for setting up my Windows 95 machine.  After I set it
>>>        up I can ping the ethernet card on the Linux box which is
>>>        10.0.100.5 but can't get any further. (pinging the nameservers)
>>>        I have setup the ipfwadm  -F -p deny and
>>>        ipfwadm  -F -a m S 10.0.100.0/24 -D 0.0.0.0/0 on the Linux box.
>>>        I am assuming I am close but missing something.
>>>        Any assistance would be appreciated
>>>
>>>        Steve Helder
>>
>>
>>--
>>Joachim Feise                  Microsoft Certified Solution Developer
>>mailto:[EMAIL PROTECTED]                 http://www.ics.uci.edu/~jfeise/
>>mailto:[EMAIL PROTECTED]                       mailto:[EMAIL PROTECTED]
>>---------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED] For
>additional commands, e-mail: [EMAIL PROTECTED] For daily
>digest info, email [EMAIL PROTECTED]
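
The distinction argued over in this thread (a default policy set with `-p` versus a deny rule placed first in the list), as a small Python model of the first-match evaluation the quoted man page describes. This is an added example, not code from any poster or from ipfwadm; the `Chain` and `Rule` classes, the initial default policy and the sample addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    policy: str              # "accept", "deny" or "masquerade" (model labels)
    src: str                 # source network in CIDR form
    dst: str = "0.0.0.0/0"   # destination network in CIDR form

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

@dataclass
class Chain:
    default_policy: str = "accept"   # assumed starting policy for the model
    rules: list = field(default_factory=list)

    def set_policy(self, policy):    # models 'ipfwadm -F -p <policy>'
        self.default_policy = policy

    def append(self, rule):          # models 'ipfwadm -F -a ...'
        self.rules.append(rule)

    def decide(self, src_ip, dst_ip):
        # The first matching rule determines the policy ...
        for rule in self.rules:
            if rule.matches(src_ip, dst_ip):
                return rule.policy
        # ... and the default policy applies only when no rule matched.
        return self.default_policy

def default_deny_chain():
    """Default policy deny, then one appended rule for the LAN."""
    chain = Chain()
    chain.set_policy("deny")
    chain.append(Rule("masquerade", "10.0.100.0/24"))
    return chain

def deny_rule_first_chain():
    """A deny-everything *rule* ahead of the LAN rule: the LAN rule is shadowed."""
    chain = Chain()
    chain.append(Rule("deny", "0.0.0.0/0"))
    chain.append(Rule("masquerade", "10.0.100.0/24"))
    return chain

if __name__ == "__main__":
    for build in (default_deny_chain, deny_rule_first_chain):
        print(build.__name__, build().decide("10.0.100.7", "192.0.2.53"))
```
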