Eyal: Heya. The problem with adding some ACCEPT rules to allow one address to work, though, is that these rules must be inserted into the ipchains input chain *before* the rule which DENYs the whole range. Else the packet will be dropped before it gets to the forward chain.
Me, I'm not prejudiced against the RFC-1918 ranges anymore. It used to be that any traffic coming from them could be considered suspicious. Now all traffic is suspicious. :)

-Scott

> > > Heya. Yes, the 10.x.y.z private IP address range is blocked
> > > by the default firewall script that comes with Dachstein. You may
> > > want to try "echowall.lrp" which I built for Dachstein which doesn't
> > > do this. I had the same trouble with the standard Dachstein ruleset,
> > > and before long I had so many customizations to it, it became its
> > > own package. :)
> > >
> > > If you want to keep using the default Dachstein firewall
> > > for whatever reason, I believe the changes you need to make are in
> > > the network.conf file. Should be easy to find in there...
> >
> > I had to get past that once... What I did (if memory, and old comments
> > serve) was in ipfilter.conf:
> >
> > ~line 208:
> > $IPCH -A $LIST -j DENY -p all -s 10.0.0.0/8 -d 0/0 -l $*
> >
> > ~line 420:
> > $IPCH -A input -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_RIF
> >
> > ~line 502:
> > $IPCH -A output -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_RIF
> >
> > comment out those lines, and the rules don't get made...
>
> Are you trying to connect to the modem itself (the web server on
> it)? This was my need with my ADSL modem.
>
> If so then I preferred to not open the whole range, but instead
> open just the one IP where the modem http server sits. I changed
> the end of my /etc/ipfilter.conf by adding the following last
> section. The Alcatel SpeedTouch Home uses the 10.0.0.138 address,
> find out what yours uses.
>
> I am on an old LRP using 2.2.16, but the same idea should apply to
> the later configurations.
>
> =========================================
> ADSL_SERVER_IP="10.0.0.138"
> for NET in $INTERN_NET ; do
>     $IPCH -I forward 1 -j MASQ -p tcp \
>         -s $NET -d $ADSL_SERVER_IP www -i eth0
> done
> }
>
> << EOF >>
> =========================================
>
> --
> Eyal Lebedinsky ([EMAIL PROTECTED]) <http://samba.org/eyal/>
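
An added example (not written by any poster in this thread, and not LEAF/Dachstein code): a small Python model of first-match chain evaluation, showing why an ACCEPT for the modem address appended after the 10.0.0.0/8 DENY never fires while one inserted at position 1 does. The `Chain` class, the function names and the `eth0` external interface name are assumptions made for the illustration.

```python
import ipaddress

MODEM = "10.0.0.138"   # modem address given in the thread
EXT_IF = "eth0"        # assumption: name of the external interface


class Chain:
    """First-match rule list, the way ipchains walks a chain."""

    def __init__(self, policy):
        self.policy, self.rules = policy, []

    def append(self, target, src, iface=None):        # like ipchains -A
        self.rules.append((target, ipaddress.ip_network(src), iface))

    def insert(self, pos, target, src, iface=None):   # like ipchains -I <chain> <pos>, 1-based
        self.rules.insert(pos - 1, (target, ipaddress.ip_network(src), iface))

    def verdict(self, src, iface):
        addr = ipaddress.ip_address(src)
        for target, net, rule_if in self.rules:
            if addr in net and rule_if in (None, iface):
                return target      # first match decides; later rules are never consulted
        return self.policy


def input_chain():
    """Constructed stand-in for the stock input chain: only the RFC 1918 block."""
    chain = Chain(policy="DENY")
    chain.append("DENY", "10.0.0.0/8", EXT_IF)
    return chain


def modem_rule_appended():
    chain = input_chain()
    chain.append("ACCEPT", MODEM + "/32", EXT_IF)      # lands after the DENY
    return chain


def modem_rule_inserted():
    chain = input_chain()
    chain.insert(1, "ACCEPT", MODEM + "/32", EXT_IF)   # lands before the DENY
    return chain


if __name__ == "__main__":
    for name, build in (("appended", modem_rule_appended),
                        ("inserted", modem_rule_inserted)):
        chain = build()
        # Modem reply arriving on the external interface, then another 10.x host
        print(name, chain.verdict(MODEM, EXT_IF), chain.verdict("10.1.2.3", EXT_IF))
```

With the rule inserted at position 1, only the single modem address is accepted; every other 10.0.0.0/8 source still hits the DENY.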