On Thu, 5 Apr 2001, Darrell May wrote:

> Port 1023 and above are opened for TCP and UDP outbound.

These are provided without any special arrangement by the IP masquerading.

> Gordon has replied that I need ipchains forward entries as
> well so I'll try that next.

I don't think that is the case. I was able to forward SSH to an internal
machine using only ipmasqadm and an ACCEPT rule on the input chain, which
is what you already have.

Change this rule:

 /sbin/ipchains --append forward --jump DENY

to:

 /sbin/ipchains --append forward --jump DENY --log

to see whether blocking of packets on the forward chain is causing your
problem.

  Charlie Brady                         [EMAIL PROTECTED]
  http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
  Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
  e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
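
Reading the output of the `--log` change suggested above, as an added example that is not part of the original message: a Python script that picks the forward-chain DENY entries out of kernel log lines and counts them per destination. It assumes the "Packet log:" line layout documented in the ipchains HOWTO; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Layout of an ipchains "Packet log:" kernel message (ipchains HOWTO):
#   chain target iface PROTO=n src:port dst:port L= S= I= F= T= [SYN] [(#rule)]
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
    r".*?(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?\s*$"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse(line):
    """Return a dict for one packet-log line, or None for other messages."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = PROTO_NAMES.get(int(rec["proto"]), rec["proto"])
    rec["dport"] = int(rec["dport"])
    rec["syn"] = rec["syn"] is not None  # SYN marks a new TCP connection attempt
    return rec

def forward_denies(lines):
    """Count packets denied on the forward chain, keyed by (proto, dst, dport)."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["chain"] == "forward" and rec["target"] == "DENY":
            hits[(rec["proto"], rec["dst"], rec["dport"])] += 1
    return hits

# Constructed sample log lines (addresses from documentation/private ranges).
SAMPLE = [
    "Apr  5 14:02:11 gw kernel: Packet log: forward DENY eth1 PROTO=6 203.0.113.7:40112 192.168.1.10:22 L=60 S=0x00 I=4021 F=0x4000 T=63 SYN (#1)",
    "Apr  5 14:02:14 gw kernel: Packet log: forward DENY eth1 PROTO=6 203.0.113.7:40112 192.168.1.10:22 L=60 S=0x00 I=4022 F=0x4000 T=63 SYN (#1)",
    "Apr  5 14:02:15 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.7:40113 198.51.100.2:22 L=60 S=0x00 I=4023 F=0x4000 T=64 SYN (#4)",
    "Apr  5 14:02:20 gw kernel: Packet log: forward DENY eth0 PROTO=17 192.168.1.20:1030 198.51.100.53:53 L=28 S=0x00 I=77 F=0x0000 T=64 (#1)",
    "Apr  5 14:02:21 gw kernel: eth0: link up",
]

if __name__ == "__main__":
    for (proto, dst, dport), n in forward_denies(SAMPLE).most_common():
        print(f"{n:3d}  {proto:4s} -> {dst}:{dport}")
```

If the forwarded port shows up in this summary, the DENY rule on the forward chain is dropping the traffic; if it does not, the forward chain is not the cause.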

