ipchains

Anthony J. Gabrielson agabriel at coe.neu.edu
Tue Aug 24 12:42:41 EDT 1999


Jerry,
	I finally got a chance to take a look at the ipchains again.  I
have set up 3 rules:
	ipchains -P forward DENY
	ipchains -A forward -i eth1 -j MASQ
	echo 1 > /proc/sys/net/ipv4/ip_forward
eth1 is inside my network.  eth0 is outside.  E.X:
eth0      Link encap:Ethernet  HWaddr 00:40:05:A0:99:71
          inet addr:209.109.48.71  Bcast:209.109.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:730 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1033 errors:0 dropped:0 overruns:0 carrier:0
          collisions:5 txqueuelen:100
          Interrupt:11 Base address:0xfc00

eth1      Link encap:Ethernet  HWaddr 00:40:05:A0:99:76
          inet addr:128.10.200.16  Bcast:128.10.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xf880
For the example I am working on - I would just like 1 ip to get
through(all though it doesn't matter if everyone on the inside can get
through).  THe only special service I am running is routed.  I have my
desktop configured to use 128.10.200.16 as a gateway.  I have the same DNS
on the linux machine as on the NT box.  The only reason I can come to that
this is not working, is that I may need a DNS server set up.  I don't
know, I kind of confused.  I have not tried the script that you fixed, as
I am on the office T1 with static IP's.  I am trying to do this mostly so
people will have easier access to their desktops from home, but our
current Socks 5 is very inadequate.

As always help is appreciated.
Sorry about the length of the message.
Thanks,
Anthony 


-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list