Chris Eng <[EMAIL PROTECTED]> wrote:
>
> /sbin/ipchains -P forward MASQ
> /sbin/ipchains -A forward -s 192.9.200.0/24 -d 0.0.0.0/0

Your first ruleset doesn't specify a target (-j).  Isn't that an error?

> it seems to work, but is there a security risk?  i notice that most
> people seem to use /sbin/ipchains -P forward DENY instead of MASQ, but
> when i do that, nothing seems to get through.

A default policy of MASQ means that any packet being forwarded from any
interface to any other interface will be masqueraded.  That means
someone could forward packets through your box, and they would be
masqueraded onto your local network!  Doesn't that concern you?

> (192.9.200.0/24 is my local LAN)

That's not an unused network address.  Are you sure it's appropriate for
a private LAN?

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)      || "Nothing takes the taste out of peanut
sometimes known as David DeSimone  ||  butter quite like unrequited love."
  http://www.dallas.net/~fox/      ||                       -- Charlie Brown
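
The two points raised in this reply (a forward rule with no `-j` target, and a default forward policy of MASQ) can be checked mechanically before a ruleset is loaded. This is an added example, not part of the original thread; the function name, the one-command-per-line input format and the tightened ruleset are assumptions made for illustration.

```shell
# Added example (not from the original thread). Reads ipchains command lines
# on stdin and prints one finding per problem found in the forward chain.
# Assumption: each line has the form "<ipchains> <op> <chain> [options...]".
audit_forward_chain() {
    policy=""; lineno=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f          # split into words, no globbing
        if [ $# -lt 3 ] || [ "$3" != forward ]; then continue; fi
        op=$2
        case "$op" in
            -P) policy=$4 ;;                  # last policy line wins
            -A|-I)
                shift 3
                target=""; has_src=no
                while [ $# -gt 0 ]; do
                    case "$1" in
                        -j) target=${2:-} ;;
                        -s) has_src=yes ;;
                    esac
                    shift
                done
                if [ -z "$target" ]; then
                    echo "line $lineno: forward rule has no -j target"
                elif [ "$target" = MASQ ] && [ "$has_src" = no ]; then
                    echo "line $lineno: MASQ rule matches any source"
                fi ;;
        esac
    done
    case "$policy" in
        DENY|REJECT) ;;                       # unmatched packets are dropped
        "") echo "policy: no forward policy set in this ruleset" ;;
        *)  echo "policy: forward default is $policy, unmatched packets are not dropped" ;;
    esac
}

# Constructed samples: the ruleset quoted in the thread, and a tightened
# variant (DENY by default, MASQ only for the LAN source range).
QUOTED_RULES='/sbin/ipchains -P forward MASQ
/sbin/ipchains -A forward -s 192.9.200.0/24 -d 0.0.0.0/0'
TIGHTENED_RULES='/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.9.200.0/24 -d 0.0.0.0/0 -j MASQ'

printf '%s\n' "$QUOTED_RULES" | audit_forward_chain
```

The quoted ruleset produces two findings (the missing target on line 2 and the MASQ default policy); the tightened variant produces none.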