-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>On Thu, 17 Jan 2002, Andreas Hansson wrote:
>
>> For each dnat line, add an accept line in forward:

Andreas' note here brings up another point, Mike.  In my (not always)  
humble opinion, it would help you a lot to mentally and physically
separate the functions of routing and filtering.  Your NAT and
forwarding rules should be in one file, and your packet filtering in
another.  That allows you to isolate the sources of trouble, as well
as keep those functions separate in your head.  In this case, for
instance, it would have been very desirable to shut down packet
filtering entirely to ensure that it was not at fault, while leaving
forwarding/routing rules active.

I have two sets of rules, living at /etc/init.d/router and
/etc/init.d/firewall, for this reason.  This also makes it safe to
tinker with my routing rules without momentarily leaving my system
unprotected.

Cheers -d


- -- 
David Talkington

PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
- --
http://setiathome.ssl.berkeley.edu/pale_blue_dot.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6

iQA/AwUBPEZbWr9BpdPKTBGtEQLc1wCg5wPt/FcSdNH59oFLoXBz/kstd2sAnjuX
7k/7qA9VaOiQtvbL1FvQ0ISb
=MfrJ
-----END PGP SIGNATURE-----




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
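
An added example, not part of the original message: with the rules split into a routing script and a filtering script as described above, a small check can read the two separately and report every DNAT target that has no matching ACCEPT in FORWARD, which is the point quoted from Andreas. The rule text, addresses and function names are constructed for illustration, and the scripts are assumed to contain plain `iptables` commands with exact `-d`/`--dport` matches.

```python
import shlex

# Constructed sample contents of the two scripts (addresses are made up).
ROUTER_RULES = """\
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 192.168.1.20:22
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
"""
FIREWALL_RULES = """\
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
"""

def parse(script):
    """Yield each iptables command as a dict of option -> value (or True)."""
    for line in script.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok or tok[0] != "iptables":
            continue
        opts, i = {}, 1
        while i < len(tok):
            if tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                opts[tok[i]] = tok[i + 1]
                i += 2
            else:
                opts[tok[i]] = True
                i += 1
        yield opts

def dnat_targets(router):
    """(proto, ip, port) as the FORWARD chain will see it, per DNAT rule."""
    out = []
    for o in parse(router):
        if o.get("-t") == "nat" and o.get("-j") == "DNAT":
            ip, _, port = o.get("--to-destination", "").partition(":")
            out.append((o.get("-p"), ip, port or o.get("--dport")))
    return out

def unmatched_dnat(router, firewall):
    """DNAT targets with no FORWARD ACCEPT for the same proto/dest/port."""
    # Simplification: only exact -p / -d / --dport matches are recognised.
    accepts = {(o.get("-p"), o.get("-d"), o.get("--dport"))
               for o in parse(firewall)
               if o.get("-A") == "FORWARD" and o.get("-j") == "ACCEPT"}
    return [t for t in dnat_targets(router) if t not in accepts]
```

Because the two inputs are kept apart, the same check runs unchanged when the filtering script is replaced or emptied during troubleshooting.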
