Re: ipchains, must be asked millions of time, but i'm lost

To: debian-firewall@lists.debian.org
Subject: Re: ipchains, must be asked millions of time, but i'm lost
From: Gian Piero Carrubba <gpcarrubba@libero.it>
Date: 17 Jun 2003 11:31:52 +0200
Message-id: <[🔎] 1055842314.1483.118.camel@cancan>
In-reply-to: <[🔎] 200306162350.31096.jslootbeek@clarku.edu>
References: <[🔎] 200306162118.42416.jslootbeek@clarku.edu> <[🔎] 200306162350.31096.jslootbeek@clarku.edu>

Il mar, 2003-06-17 alle 05:50, Jule Slootbeek ha scritto:
> > i've gotten a DHCP server running on the server, and the client is
> > connected to it with DHCP, which works fine, i can ssh from the client to
> > the server and i can go online with the server, but with the client i can't
> > go online through the server. I've setup ipchains with the folowing basic
> > rules
> >
> > ipchains -P forward DENY
> > ipchains -A forward -i eth0 -j MASQ

i don't use ipchains since a while, however IIRC in the forward chain
the -i parameter denotes the input interface, not the output, so you
should change the line with "-i eth1"...

> > incoming: ACCEPT
> > forward: DENY
> > incoming: ACCEPT
    ^^^^
i guess it's "outcoming"...

> > -A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ
> >
> > shouldn't there be some kind of numbers? my subnet forinstance? in stead of
> > 0.0.0.0 four times?

no, you haven't specified the addresses, only the "input" (see above)
interface...

Regards,
Gian Piero.

Reply to:

References:
- ipchains, must be asked millions of time, but i'm lost
  - From: Jule Slootbeek <jslootbeek@clarku.edu>
- Re: ipchains, must be asked millions of time, but i'm lost
  - From: Jule Slootbeek <jslootbeek@clarku.edu>

Prev by Date: Re: ipchains, must be asked millions of time, but i'm lost
Next by Date: Re: ipchains, must be asked millions of time, but i'm lost
Previous by thread: Re: ipchains, must be asked millions of time, but i'm lost
Next by thread: Re: ipchains, must be asked millions of time, but i'm lost
Index(es):
- Date
- Thread