[ale] next stupid ipchains question
Joe Knapka
jknapka at earthlink.net
Thu Sep 7 13:01:03 EDT 2000
Wandered Inn wrote:
>
>
> $IPCHAINS -F
> $IPCHAINS -P forward DENY
>
> $IPCHAINS -A forward -i eth0 -j MASQ
> $IPCHAINS -A forward -i eth1 -j MASQ
>
> I've attempted to change the MASQ to ACCEPT and when I do, I no longer
> am able to get from 192.168.255.0 to 192.168.10.0.
Is there a rule in the output chain that might be killing
off packets that aren't masqueraded?
Add the -l flag to every "DENY" or "REJECT" rule, make sure
you have a final rule in each chain that unconditionally does
a "DENY" or "REJECT" (so you can tell if packets are just falling
all the way through the chain), and look at the syslog output
when trying to ping from one subnet to the other.
-- Joe
> eth0 -> 192.168.255.0
> eth1 -> 192.168.10.0
>
> >
> > -- Joe
>
> --
> Until later: Geoffrey esoteric at denali.atlnet.com
>
> Microsoft != Innovation
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
*** Joseph Knapka ***
In any formula, constants (especially those obtained from handbooks)
are to be treated as variables.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list