ipchains

Derek Martin dmartin at LanCity.COM
Tue Aug 24 13:45:58 EDT 1999


On Tue, 24 Aug 1999, Anthony J. Gabrielson wrote:

> Jerry,
> 	I finally got a chance to take a look at the ipchains again.  I
> have set up 3 rules:
> 	ipchains -P forward DENY
> 	ipchains -A forward -i eth1 -j MASQ
> 	echo 1 > /proc/sys/net/ipv4/ip_forward
> eth1 is inside my network.  eth0 is outside.  E.X:

Change eth1 to eth0 in your rule above, and it should work.  As I said in
my previous message, the -i option specifies the TARGET interface with
forward and output chains, NOT the source interface.

Also, if you're on a redhat system, you don't need to do that echo command
if you set 

FORWARD_IPV4=true

in /etc/sysconfig/network


Derek D. Martin   |  UNIX System Administrator
derek at netria.com  |  dmartin at lancity.com

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list