[ale] IP-Forwarding

Jay Munsterman jmunster at mindspring.com
Sun Oct 5 22:29:36 EDT 1997


Robert,
The commands below are a basic firewall. It allows no connections that 
don't originate from the local net. Only traffic from the inside to out.

I use this and diald for my network, and it works great. One word of
advice, set up a DNS server for your private network. I found that with
my machines looking outside for DNS, diald was picking up the phone line
at odd times. I fired up dctrl on the forwarding box and saw flurries of
DNS queries. All the hosts were configured to use /etc/hosts before bind, but
whenever a local telnet or ftp session was opened, the server process would
attempt to do a lookup on the originating IP. At least I am guessing that
this was what was causing it. I set up a local name server, and diald is 
happy. 

Good luck,
jay

On 05-Oct-97 Robert L Harris was heard to have said:
|>> 
|>> Robert,
|>> Is the use of ipfwadm required to get forwarding to work? I use it at home
|>> and have never had a problem. In rc.local I have:
|>> 
|>> /sbin/ipfwadm -F -p deny
|>> /sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
|>> 
|>> where 192.168.0.0 is the local net. 
|>> Don't know if this helps. Good luck,
|>> Jay
|>> 
|>
|>This did exactly what I needed.  Thanks,  I'll worry about firewalling out
|>the net later.  Now to get diald working.
|>
|>Robert
|>
|>---------------------------------------------------------------------------
|>Robert L. Harris          |    If NT is the answer,
|>System Engineer For Hire. \_     you don't understand the question.
|> 
|>Email:
|>Robert at ast.lmco.com
|>http://www.orci.com/~nomad
|>  
|>DISCLAIMER:
|>  These are MY OPINIONS ALONE.  I speak for no-one else.
|>   
|>perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

--------------------------------------------------------
E-Mail: Jay Munsterman<jmunster at mindspring.com>
Date: 05-Oct-97
Time: 22:29:36
PGP public Key:
         http://www.mindspring.com/~jmunster/pubkey.html
--------------------------------------------------------
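
Added example (not part of the original messages): a simplified Python model of the two quoted ipfwadm forward rules, showing why only flows started from 192.168.0.0/24 get through and that traffic addressed to the forwarding box itself never reaches the forward chain. The external address, the starting masquerade port and all class and method names are assumptions made for illustration.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")  # local net from the post
EXTERNAL_IP = "203.0.113.1"  # assumption: documentation address for the dial-up side
MASQ_PORT_BASE = 61000       # assumption: first port given to a masqueraded flow


class ForwardingBox:
    """Toy model of: ipfwadm -F -p deny ; ipfwadm -F -a m -S LOCAL_NET -D 0.0.0.0/0"""

    def __init__(self):
        self.by_flow = {}   # (inside ip, inside port, peer ip, peer port) -> masq port
        self.by_port = {}   # masq port -> same flow tuple, for the return path
        self.next_port = MASQ_PORT_BASE

    def forward(self, src, sport, dst, dport):
        """Forward chain: the single masquerade rule, then the default policy."""
        if ipaddress.ip_address(src) not in LOCAL_NET:
            return "deny"                     # no rule matched, so -p deny applies
        flow = (src, sport, dst, dport)
        if flow not in self.by_flow:          # first packet of a flow creates state
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return ("masq", EXTERNAL_IP, self.by_flow[flow], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Packet arriving on the outside interface."""
        flow = self.by_port.get(dport) if dst == EXTERNAL_IP else None
        if flow and flow[2:] == (src, sport):
            # Reply from the peer an inside host contacted: rewrite and deliver.
            return ("demasq", src, sport, flow[0], flow[1])
        if dst == EXTERNAL_IP:
            # Addressed to the box itself: handled by the input chain and local
            # services, which these two forward rules do not restrict.
            return "local"
        return self.forward(src, sport, dst, dport)


if __name__ == "__main__":
    box = ForwardingBox()
    # Constructed sample packets.
    print(box.forward("192.168.0.5", 1025, "198.51.100.7", 80))   # inside -> out
    print(box.inbound("198.51.100.7", 80, EXTERNAL_IP, 61000))    # its reply
    print(box.inbound("198.51.100.9", 4000, "192.168.0.5", 23))   # unsolicited
    print(box.inbound("198.51.100.9", 4000, EXTERNAL_IP, 23))     # to the box itself
```

The "local" result is the part the forward rules leave open: services listening on the forwarding box are still reachable from outside unless input rules are added as well.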





