Ketil Froyn wrote:
> > ipchains -F forward
> > ipchains -A forward -s 192.168.100.0/24 -i eth0 -d x.x.x.x/x -j ACCEPT
> > ipchains -A forward -s 192.168.100.0/24 -i eth0 -j MASQ
> > ipchains -A forward -j DENY -l
> >
> > where x.x.x.x/x is the registered network.
>
> I've done something like this once, and I forgot to let the packets from
> x.x.x.x/x back through, like I think you did here. Or am I still under
> influence from the party last night? :)

No, you are correct. I omitted the reverse rule for the
non-masqueraded packets (you don't need one for replies to masqueraded
packets; these are forwarded automatically).

> ie. you need
> ipchains -A forward -s x.x.x.x/x -i eth0 -d 192.168.100.0/24 -j ACCEPT
> as well.

Yep. Or add the "-b" switch to the original rule.

--
Glynn Clements <glynn@sensei.co.uk>
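The gap discussed in this thread, as an added example that is not part of the original messages: a simplified first-match model of the forward chain showing that replies from the registered network fall through to the final DENY unless a reverse rule or `-b` is present. Assumptions: 203.0.113.0/24 stands in for x.x.x.x/x, the host addresses are constructed, the reverse rule is placed before the final DENY, and only source, destination and interface are modelled.

```python
import ipaddress
from typing import NamedTuple

ANY = ipaddress.ip_network("0.0.0.0/0")
PRIVATE = ipaddress.ip_network("192.168.100.0/24")
REGISTERED = ipaddress.ip_network("203.0.113.0/24")  # constructed stand-in for x.x.x.x/x

class Rule(NamedTuple):
    target: str
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    iface: str = ""       # "" means no -i given, so any interface matches
    bidir: bool = False   # models the -b switch (also match with src/dst swapped)

    def matches(self, src, dst, iface):
        if self.iface and self.iface != iface:
            return False
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        forward = s in self.src and d in self.dst
        reverse = self.bidir and s in self.dst and d in self.src
        return forward or reverse

def verdict(chain, src, dst, iface="eth0"):
    """Return the target of the first matching rule (simplified chain walk)."""
    for rule in chain:
        if rule.matches(src, dst, iface):
            return rule.target
    return "POLICY"  # nothing matched; the chain policy would apply

def forward_chain(reverse_rule=False, bidir=False):
    """Build the chain from the thread, optionally with one of the two fixes."""
    chain = [Rule("ACCEPT", PRIVATE, REGISTERED, "eth0", bidir)]
    if reverse_rule:  # the extra ACCEPT rule; it must sit before the final DENY
        chain.append(Rule("ACCEPT", REGISTERED, PRIVATE, "eth0"))
    chain += [Rule("MASQ", PRIVATE, ANY, "eth0"), Rule("DENY")]
    return chain

# Constructed sample addresses: private host, registered-net host, unrelated host.
HOST, SERVER, OUTSIDE = "192.168.100.10", "203.0.113.5", "198.51.100.7"

if __name__ == "__main__":
    for name, chain in [("as posted", forward_chain()),
                        ("with reverse rule", forward_chain(reverse_rule=True)),
                        ("with -b", forward_chain(bidir=True))]:
        print(f"{name:18} out={verdict(chain, HOST, SERVER)} "
              f"reply={verdict(chain, SERVER, HOST)} "
              f"internet={verdict(chain, HOST, OUTSIDE)}")
```

Replies to masqueraded traffic are left out of the model because, as noted in the reply above, they need no forward rule.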
This archive was generated by hypermail 2b29 : Fri Jan 07 2000 - 21:00:11 EST