
Re: ipchains



A long time ago, in a galaxy far, far away, someone said...

> On my network there is one Linux server and some windows things, the Linux
> server is used as a gateway (and some other things), but it doesn't work
> properly. When internet exploder is used, all goes fine (most of the
> time), but when for example someone tries to ping from within the dos box
> it doesn't. I think it has something to do with ipchains. Both the input
> and the output chain accept anything, and the forward chain:
> 	ipchains -A forward -j MASQ -s 192.168.0.1 -d 0.0.0.0/0
> 
> (for every IP on the network).
> 
> What can I do to fix this??

First off, I would redo your IPChains setup - using MASQ on each IP on the
network is overkill.  I use these four lines:

ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

in that order.  Everything works.  After that I put in some firewalling
rules to protect the firewall, and all is well.

Make sure you replace ppp0 with the interface for the link to the outside
world.  The third line is needed only if your link to the outside world
has a dynamic IP, i.e. a cable modem with DHCP, or an analog modem.

-- 
----------------------------------------------------------------------
Phil Brutsche					pbrutsch@creighton.edu

"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstein
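
The difference between the per-IP rules in the question and the four-line setup in the reply, as an added example that is not part of the original post: a small lint for a saved ipchains rules script. The function name `audit_masq`, its finding labels, and the second host address in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a saved ipchains rules
# script, one command per line, against the layout the reply recommends.
# audit_masq FILE prints one finding per line and nothing when FILE is clean.
audit_masq() {
    awk '
    $1 != "ipchains" { next }            # skip echo lines, comments, blanks
    {
        chain = ""; target = ""; iface = ""; src = ""; policy = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-P") { chain = $(i+1); policy = $(i+2) }
            if ($i == "-A" || $i == "-I") chain = $(i+1)
            if ($i == "-j") target = $(i+1)
            if ($i == "-i") iface = $(i+1)
            if ($i == "-s") src = $(i+1)
        }
        if (chain != "forward") next
        if (policy != "") { fwd_policy = policy; next }
        if (target != "MASQ") next
        masq++
        # MASQ not tied to the outside interface
        if (iface == "") print "MASQ_NO_INTERFACE line " NR
        # -s naming a single host (no /mask): the one-rule-per-IP pattern
        if (src != "" && index(src, "/") == 0) per_host++
    }
    END {
        if (fwd_policy != "DENY") print "FORWARD_POLICY_NOT_DENY"
        if (per_host > 1) print "PER_HOST_MASQ " per_host " rules"
        if (masq == 0) print "NO_MASQ_RULE"
    }' "$1"
}

# Constructed sample inputs: the per-IP style from the question (second
# host added for illustration) and the four lines from the reply.
before=$(mktemp) && after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT
cat > "$before" <<'EOF'
ipchains -A forward -j MASQ -s 192.168.0.1 -d 0.0.0.0/0
ipchains -A forward -j MASQ -s 192.168.0.2 -d 0.0.0.0/0
EOF
cat > "$after" <<'EOF'
ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
EOF
echo "question-style rules:"; audit_masq "$before"
echo "reply-style rules:";    audit_masq "$after"
```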

