Hello everyone,
Let me preface this by saying that I am seriously disappointed by my failure
to figure out what I'm doing wrong here, and any admonitions I receive from
ramin for being an idiot will be appreciated. I've been using ipchains for
over a year for simple packet filtering and am now
does one generally set the -P on their mangle table chains to DROP, even if
you're not using them for anything?
usual procedure says set -P on all chains to DROP and allow what's
necessary, but if you're not using your mangle table chains for anything and
you set -P to DROP (on the iptables -t
seeking advice...
i have a /29 range of public ips from my isp. all but one of the ip
addresses are taken up by static mappings (servers of various
functions/domains) to addresses on my 10.1.1.0/24 internal network. what
i'd like to do with the remaining public ip address is use it as a sort
of
Just as a side note, the numbers in the brackets are how
iptables-save/restore keeps the counter information.
[packets:bytes]
on 6/4/02 19:46, [EMAIL PROTECTED] wrote:
:PREROUTING ACCEPT [241:88600]
-=p=-
- eth2 - 10.102.104.0
- eth3 - 10.103.104.0
Then it's just a matter of standard SNAT and DNAT based on interface.
Why the funky netmasks on the 3 internal networks? Do they have subnetworks
of their own?
patrick conlin