
Re: I just am not doing something right.



Jim Ruby wrote:
> 
[snip]
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output DENY
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -F input
> /sbin/ipchains -F output
> /sbin/ipchains -F forward
> /sbin/ipchains -A input -j ACCEPT -i lo
> /sbin/ipchains -A input -j ACCEPT -i eth0 -s 192.168.207.110/255.255.255.0
> /sbin/ipchains -A input -j ACCEPT -i ppp0 -d 209.100.171.123/32
> /sbin/ipchains -A input -j DENY -i ppp0 -s 192.168.207.110/255.255.255.0 -l
> /sbin/ipchains -A forward -j MASQ -i ppp0 -s 192.168.207.110/255.255.255.0
> /sbin/ipchains -A output -j ACCEPT -i lo
> /sbin/ipchains -A output -j ACCEPT -i eth0 -d 192.168.207.110/255.255.255.0
> /sbin/ipchains -A output -j ACCEPT -i eth0 -d 224.0.0.0/240.0.0.0 -p tcp
> /sbin/ipchains -A output -j ACCEPT -i ppp0 -s 209.100.171.123/255.255.255.255
> /sbin/ipchains -A output -j DENY -i ppp0 -d 192.168.207.110/255.255.255.0 -l
> echo "1" > /proc/sys/net/ipv4/ip_forward
> 
[snip some more]

Why all the rules? I usually start out basic. Try these rules instead (from
IPCHAINS-HOWTO).

ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward

If these do not work, let me know, and I will look at my masq box at home to get
the rules I use.

-- 
Paul Miller
pmiller@jove.acs.unt.edu

