On Tue, 26 Aug 1997, Mario Olimpio de Menezes wrote:

> My linux box acts as an ip-masq for the internal sub-net of
> Windows machines. It has 3 cards: one for output to Internet, with a
> valid IP address and 2 for the internal sub-net.
> IP-Masq is working OK; all machines can telnet, browse, ftp, etc
> to external servers on Internet, being masqueraded with the Linux IP.
> I'm using this syntax:
> # ipfwadm -O -a deny -S 0.0.0.0/0 -D some.site.denied/0
>
> but isn't working, since I can connect the denied site from an inside
> machine. What is wrong?

Have you tried:

# ipfwadm -F -p deny
# ipfwadm -F -a masq -S <internal_net> -D 0.0.0.0/0
# ipfwadm -F -i deny -S <internal_net> -D some.site.denied/32

(that is adding a forwarding rule before masquerading)

Ciao
----------------------------------------------------------------------
Dalla Silvestra Michele
Other info: finger://[EMAIL PROTECTED]
Key fingerprint = 68 02 A9 C7 FB 05 9E 9C C7 B6 4A 13 61 25 5B 43
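
Added example, not part of the original message or of ipfwadm: a small Python model of a first-match forwarding chain, showing why the deny rule is inserted (-i) ahead of the masq rule rather than appended (-a) behind it. The addresses are constructed stand-ins for <internal_net> and some.site.denied, and the class and function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the placeholders in the message above.
INTERNAL_NET = "192.168.1.0/24"    # <internal_net>
DENIED_SITE = "203.0.113.10/32"    # some.site.denied/32


class ForwardChain:
    """Toy model of the forwarding chain: the first matching rule wins,
    otherwise the default policy applies."""

    def __init__(self, policy):
        self.policy = policy
        self.rules = []

    @staticmethod
    def _rule(action, src, dst):
        return action, ipaddress.ip_network(src), ipaddress.ip_network(dst)

    def append(self, action, src, dst):   # like: ipfwadm -F -a
        self.rules.append(self._rule(action, src, dst))

    def insert(self, action, src, dst):   # like: ipfwadm -F -i
        self.rules.insert(0, self._rule(action, src, dst))

    def decide(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for action, src_net, dst_net in self.rules:
            if s in src_net and d in dst_net:
                return action
        return self.policy


def build_chain(deny_inserted_first):
    chain = ForwardChain(policy="deny")                   # -F -p deny
    chain.append("masq", INTERNAL_NET, "0.0.0.0/0")       # -F -a masq
    if deny_inserted_first:
        chain.insert("deny", INTERNAL_NET, DENIED_SITE)   # -F -i deny
    else:
        chain.append("deny", INTERNAL_NET, DENIED_SITE)   # -a: lands after masq
    return chain


if __name__ == "__main__":
    for first in (True, False):
        chain = build_chain(first)
        print(first, chain.decide("192.168.1.20", "203.0.113.10"),
              chain.decide("192.168.1.20", "198.51.100.7"))
```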