Re: IP Firewalling/Forwarding baffles me

To: "Kendall P. Bullen" <kpb@lists.tax.org>
Cc: debian-user@lists.debian.org
Subject: Re: IP Firewalling/Forwarding baffles me
From: dmartin@clifton-labs.com (Dale E. Martin)
Date: 16 Sep 1998 10:16:35 -0400
Message-id: <[🔎] 87hfy8rvlo.fsf@gerbil.clifton-labs.com>
In-reply-to: "Kendall P. Bullen"'s message of Tue, 15 Sep 1998 21:50:14 -0400 (EDT)
References: <[🔎] Pine.LNX.3.96.980915213335.10932A-100000@lists.tax.org>

The missing link for me was that if you're using "standard" linux
firewalling, which is packet filtering, you _need_ ip forwarding enabled.
(The HOWTO says don't enable it, but that's for TIS proxying firewalls -
not what we're talking about here.)

Also, for ipchains at least, order counts.  You need to enable everything
that you want to let through first, and then disable _everything_ last.
The first rules in the chain get "executed" before the ones in the end.

With those two tips, and the docs, I was able to get my firewall working
the way I wanted.  Feel free to email me if that's not enough info.

(BTW, you need a 2.1 kernel for ipchains afaik.)

Later,
	Dale
-- 
+------------------ email me for my pgp public key --------------------+
| Dale E. Martin |  Clifton Labs, Inc.  |  Senior Computer Engineer    |
| dmartin@clifton-labs.com    |    http://www.clifton-labs.com         |
+----------------------------------------------------------------------+

Reply to:

References:
- IP Firewalling/Forwarding baffles me
  - From: "Kendall P. Bullen" <kpb@lists.tax.org>

Prev by Date: X-modes other than the defaults.
Next by Date: Re: scilab demos crash whole scilab
Previous by thread: IP Firewalling/Forwarding baffles me
Next by thread: Re: IP Firewalling/Forwarding baffles me
Index(es):
- Date
- Thread