
ipmasq chain policy



I have noticed a problem with the ipmasq package: by default it sets
all chain policies to DENY. However, I have noticed that when my modem
connection drops out and I get a new IP address upon reconnect, any ssh
or irc connections I had going on machines behind the firewall
completely hang for a very long time (especially ssh).

I just now looked in the logs on the firewall and found it DENYing
outgoing connections on port 6667 and 22 because the IP address had
changed the rules, I presume.

Would it not be better to set the output chain policy to REJECT
instead of DENY?  This way a destination unreachable should be sent
back to the disconnected irc and ssh programs and they should no
longer hang.

I have not tested this assumption yet. I was wondering if there is any
reason for the output policy to be DENY rather than REJECT?

Thanks.

-- 
Ethan

