>When you change numbers, you always risk hiding something that matters. >Here, I'm proceeding on the following assumptions: > > 1. That the "231.123.123" substitues for a "real" class C > address, not a private-space address > 2. That the fourth number in the quad is the real number.
Yes. The I changed the part of the /29 that was masked. All else is 100%. Thanks for pointing it out though as these messages get archived and I can see someone making that mistake. i.e. Switching a .240 for a .128 with a narrow mask. > >Here is what I have: >> Router/firewall with 3 NIC's. >> Five (5) class C static IP's i.e. 231.123.123.242:245 > >This is 4 addresses, not 5. I assume you have: > network: a.b.c.240/29 > addresses: a.b.c.241-245 > gateway: a.b.c.246 > broadcast: a.b.c.247 Yes. This is it precisely. > > ipchains -C -p tcp -i eth0 -s 0.0.0.0 www 231.123.123.242 www > >I believe there is a typo in the test line. It should read: > >ipchains -C -p tcp -i eth0 -s 0.0.0.0 www -d 231.123.123.242 www > ^^ >I don't know if the typo is just here in this message or in your actual test >as well. If it is in your tests, I couldn't predict what would happen. Typing error in my message. The error checking in the -C option detects missing protocols, ports etc. including missing destinations. > > >eth0_DEFAULT_GW=231.123.123.241 >Should be > eth0_DEFAULT_GW=231.123.123.246 Ooops. I blew away the config to start from scratch and messed this one up. I'll fix it and see which part of the script is generating the DENY and try to update the results later. Thanks for your input! Scott _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user