[ale] home networking difficulties
Andrew Grimmke
grimmke at directvinternet.com
Wed Aug 28 20:00:04 EDT 2002
I am up. Just went and copied an rc.firewall script. Works perfect.
Followed the instructions in the ip-masq howto. Using iptables. It's
all good.
On Wed, 2002-08-28 at 09:37, Andrew Grimmke wrote:
> On Wed, 28 August 2002, Jonathan Glass wrote:
>
> >
> > What happens if you set your forward policy to ACCEPT?
>
> ipchains -L shows that it is. Although I see what you
> are talking about below. Hmm.
>
> > Why aren't you
> > using iptables?
>
> The recommendation I have heard is that, unless there
> is an obvious advantage, ipchains remains an easier
> solution. Also, I have heard that iptables does not
> support a number of services.
>
> > See comments below.
> >
> > Jonathan
> >
>
> At 03:54 AM 8/28/2002 -0700, Andrew Grimmke wrote:
> >On Tue, 27 August 2002, Geoffrey wrote:
> > > That's the good news. The bad news is that IP
> > > forwarding/masquerading does not seem to be working.
>
> <snip some stuff>
>
> > > # 1) Flush the rule tables.
> > > /sbin/ipchains -F input
> > > /sbin/ipchains -F forward
> > > /sbin/ipchains -F output
> > > # 2) Set the MASQ timings and allow packets in for DHCP configuration.
> > > /sbin/ipchains -M -S 7200 10 60
>
> > Interesting...I've never done this before...
>
> I'm sure the default timings are fine. What I put in
> there came straight out of the howto.
>
> > > /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
> > > # 3) Deny all forwarding packets except those from local network.
> > > # Masquerade those.
>
> > If you change this line to ... -P forward ACCEPT, what happens?
>
> I will try.
>
> > > /sbin/ipchains -P forward DENY
>
> > Shouldn't you specify which NIC has the 192.168.1.0 network, to prevent IP spoofing?
>
> Thank you. This is the type of advice I need.
>
> > > /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
>
> > > # 4) Load forwarding modules for special services.
> > > /sbin/modprobe ip_masq_ftp
> > > /sbin/modprobe ip_masq_raudio
> > >
> > > Did I do something wrong? Is there anything I missed?
> > >
> > > Thanks,
> > > Andrew
> > >
> > > Andrew Grimmke
> > > Marietta, Georgia
>
> Andrew Grimmke
> Marietta, Georgia
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
>
>
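A small audit for scripts like the one quoted in this thread, added here as an example and not part of the original messages: it flags a masquerade rule that names no interface and a forward policy left at ACCEPT, the two points raised in the replies. The function names `audit_masq` and `sample_script` are hypothetical, and the check is purely textual (it assumes one ipchains or iptables command per line).

```shell
#!/bin/sh
# Added example: textual audit of an ipchains/iptables script read on stdin.
# It does not evaluate rule order, shell variables or the running kernel state.

# audit_masq (hypothetical name) prints one "<line>: <finding>" per problem.
audit_masq() {
    awk '
    /^[ \t]*#/ { next }                      # ignore comment lines
    !/(ipchains|iptables)/ { next }          # ignore unrelated commands
    {
        policy = 0; chain = ""; target = ""; iface = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-P") { policy = 1; chain = $(i+1); target = $(i+2) }
            if ($i == "-A" || $i == "-I") chain = $(i+1)
            if ($i == "-j") target = $(i+1)
            if ($i == "-i" || $i == "-o") iface = 1
        }
        if (policy && tolower(chain) == "forward") {
            seen = 1
            if (target == "ACCEPT") print NR ": forward policy is ACCEPT"
        }
        if (!policy && (target == "MASQ" || target == "MASQUERADE") && !iface)
            print NR ": masquerade rule names no interface"
    }
    END { if (!seen) print "0: no forward policy set" }
    '
}

# Three lines of the quoted script, wrapped lines rejoined.
sample_script() {
    cat <<'EOF'
/sbin/ipchains -F forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
EOF
}

sample_script | audit_masq
```

To audit a real file, pipe it in the same way, for example `audit_masq < rc.firewall`.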