[ale] next stupid ipchains question
Wandered Inn
esoteric at atlnet.com
Thu Sep 7 13:02:14 EDT 2000
Joe Knapka wrote:
>
> Wandered Inn wrote:
> >
> >
> > $IPCHAINS -F
> > $IPCHAINS -P forward DENY
> >
> > $IPCHAINS -A forward -i eth0 -j MASQ
> > $IPCHAINS -A forward -i eth1 -j MASQ
> >
> > I've attempted to change the MASQ to ACCEPT and when I do, I no longer
> > am able to get from 192.168.255.0 to 192.168.10.0.
>
> Is there a rule in the output chain that might be killing
> off packets that aren't masqueraded?
No. What you see above are all the chains.
>
> Add the -l flag to every "DENY" or "REJECT" rule, make sure
> you have a final rule in each chain that unconditionally does
> a "DENY" or "REJECT" (so you can tell if packets are just falling
> all the way through the chain), and look at the syslog output
> when trying to ping from one subnet to the other.
Based on the above, I guess I'll add an '$IPCHAINS -A forward -j DENY
-l' ??
>
> -- Joe
>
> > eth0 -> 192.168.255.0
> > eth1 -> 192.168.10.0
> >
> > >
> > > -- Joe
> >
> > --
> > Until later: Geoffrey esoteric at denali.atlnet.com
> >
> > Microsoft != Innovation
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
> --
> *** Joseph Knapka ***
> In any formula, constants (especially those obtained from handbooks)
> are to be treated as variables.
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
Until later: Geoffrey esoteric at denali.atlnet.com
Microsoft != Innovation
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list