ipchains
Anthony J. Gabrielson
agabriel at coe.neu.edu
Tue Aug 24 12:42:41 EDT 1999
Jerry,
I finally got a chance to take a look at the ipchains again. I
have set up 3 rules:

    ipchains -P forward DENY
    ipchains -A forward -i eth1 -j MASQ
    echo 1 > /proc/sys/net/ipv4/ip_forward

eth1 is inside my network. eth0 is outside. E.g.:

    eth0  Link encap:Ethernet  HWaddr 00:40:05:A0:99:71
          inet addr:209.109.48.71  Bcast:209.109.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:730 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1033 errors:0 dropped:0 overruns:0 carrier:0
          collisions:5 txqueuelen:100
          Interrupt:11 Base address:0xfc00

    eth1  Link encap:Ethernet  HWaddr 00:40:05:A0:99:76
          inet addr:128.10.200.16  Bcast:128.10.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xf880

For the example I am working on, I would just like 1 IP to get
through (although it doesn't matter if everyone on the inside can get
through). The only special service I am running is routed. I have my
desktop configured to use 128.10.200.16 as a gateway. I have the same DNS
on the Linux machine as on the NT box. The only reason I can come to that
this is not working is that I may need a DNS server set up. I don't
know, I'm kind of confused. I have not tried the script that you fixed, as
I am on the office T1 with static IPs. I am trying to do this mostly so
people will have easier access to their desktops from home, but our
current Socks 5 is very inadequate.

As always help is appreciated.
Sorry about the length of the message.
Thanks,
Anthony