[ale] home networking difficulties

Andrew Grimmke grimmke at directvinternet.com
Wed Aug 28 09:37:39 EDT 2002


On Wed, 28 August 2002, Jonathan Glass wrote:

> 
> What happens if you set your forward policy to
ACCEPT? 

ipchains -L shows that it is.  Although I see what you
are talking about below.  Hmm.

> Why aren't you 
> using iptables?

The recommendation I have heard is that, unless there
is an obvious advantage, ipchains remains an easier
solution.  Also, I have heard that iptables does not
support a number of services.

> See comments below.
> 
> Jonathan
> 

At 03:54 AM 8/28/2002 -0700, Andrew Grimmke wrote:
>On Tue, 27 August 2002, Geoffrey wrote:
> > Thats the good news.  The bad news is that IP
> > forwarding/masquerading does not seem to be working.

<snip some stuff>

> > # 1) Flush the rule tables.
> >    /sbin/ipchains -F input
> >    /sbin/ipchains -F forward
> >    /sbin/ipchains -F output
> > # 2) Set the MASQ timings and allow packets in for
> > DHCP configuration.
> >   /sbin/ipchains -M -S 7200 10 60

> Interesting...I've never done this before...

I'm sure the default timings are fine.  What I put in
there came straignt out of the howto.

> >   /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0
68
>-d 0/0 67 -p udp
> > # 3) Deny all forwarding packets except those from
> > local network.
> > #    Masquerage those.

> If you change this line to ... -P forward ACCEPT,
what happens?

I will try.  

> >   /sbin/ipchains -P forward DENY

> Shouldn't you specify which NIC has the 192.168.1.0 >
network, to prevent IP spoofing?

Thank you.  This is the type of advice I need. 

> >   /sbin/ipchains -A forward -s 192.168.1.0/24 -j
MASQ

> > # 4) Load forwarding modules for special services.
> >   /sbin/modprobe ip_masq_ftp
> >   /sbin/modprobe ip_masq_raudio
> >
> > did I do something wrong?  Is there anything I
missed?
> >
> >  Thanks,
> >  Andrew
> >
> >  Andrew Grimmke
> >  Marietta, Georgia

Andrew Grimmke
Marietta, Georgia

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list