Rod Moffitt wrote:
> Jun 19 20:13:22 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61233 E.F.G.H:53 L=65 S=0x00 I=4864 F=0x0000 T=31

I believe this message indicates that a "-O" rule or policy is denying transit. Check your default policies.

>
> Here are my masquerading rules:
>
> ipfwadm -F -f
> ipfwadm -F -p deny
>
> echo "masquerade-forwarding from $PRIVATE_NET"
> ipfwadm -F -a accept -m -W $PUBLIC_INT -S $PRIVATE_NET

Is this properly constructed? I don't think that you need to use 'accept' with masquerading rules.

>
> echo "masquerade-forwarding on $DIALD_INT from $PRIVATE_NET"
> ipfwadm -F -a accept -m -W $DIALD_INT -S $PRIVATE_NET

I don't believe you need this masquerading rule. I'm using ipchains now; I use the diald ip-up and ip-down options to specify scripts that bring the firewall up or down when the link to the ISP comes up or down. When the link is down, I permit all forwarding. You might want to try:

    ipfwadm -F -a accept -W $DIALD_INT -S $PRIVATE_NET

>
> ipfwadm -F -a deny -o
>
> --
>
> ============ Geek Technology at its best: http://nuked.org ===============
> ``````````````````````````````````````````````````````````````````````````
> Rod Moffitt ICQ# 6696644 Linux: multi-platform, multi-tasking,
> [EMAIL PROTECTED] multi-user, fast & free! http://www.linux.org
> PGP RSA KeyID 570A0731 Protect your privacy! http://www.pgpi.com
> http://rodmoffitt.org Net, s/w & h/w consulting: http://vissitt.com
> ..........................................................................
> ========= Where loved ones are remembered: http://memoriam.org ===========
>
> Last yeer I kudn't spel Engineer. Now I are won.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> the body of a message to [EMAIL PROTECTED]
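Added example, not part of the original message or of any project's code: a small Python parser for the kernel firewall log line quoted above, which maps the chain label to the ipfwadm category flag whose rules and default policy to check. The fw-out to -O mapping follows the reply; the fw-in and fw-fwd entries and the field names chosen for L, S, I, F and T are assumptions, and the sample addresses are constructed.

```python
import re
from collections import Counter

# Chain label in the log line -> ipfwadm category flag.
# "fw-out" -> "-O" follows the reply above; the other two are assumed by analogy.
CHAIN_FLAG = {"fw-in": "-I", "fw-out": "-O", "fw-fwd": "-F"}

# Field names (length, tos, ip_id, frag, ttl) are an assumed reading of L/S/I/F/T.
LOG_RE = re.compile(
    r"kernel: IP (?P<chain>fw-\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)

def _endpoint(text):
    """Split 'host:port'; return (text, None) when there is no numeric port."""
    host, sep, port = text.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return text, None

def parse_fw_log(line):
    """Return a dict for a firewall log line, or None for unrelated lines."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src"], rec["sport"] = _endpoint(rec["src"])
    rec["dst"], rec["dport"] = _endpoint(rec["dst"])
    for key in ("length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["flag"] = CHAIN_FLAG.get(rec["chain"])  # None for an unknown label
    return rec

def denied_by_chain(lines):
    """Count denied packets per (ipfwadm flag, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_fw_log(line)
        if rec and rec["action"] == "deny":
            counts[(rec["flag"], rec["proto"], rec["dport"])] += 1
    return counts

# Constructed sample input (documentation addresses, not from the thread).
SAMPLE = [
    "Jun 19 20:13:22 router kernel: IP fw-out deny ppp0 UDP 192.0.2.10:61233 198.51.100.53:53 L=65 S=0x00 I=4864 F=0x0000 T=31",
    "Jun 19 20:13:27 router kernel: IP fw-out deny ppp0 UDP 192.0.2.10:61234 198.51.100.53:53 L=65 S=0x00 I=4870 F=0x0000 T=31",
    "Jun 19 20:13:30 router pppd[212]: constructed unrelated line",
]

if __name__ == "__main__":
    for key, n in denied_by_chain(SAMPLE).items():
        print(key, n)
```

On the sample, both denied packets are outbound DNS queries on ppp0 attributed to the output (-O) category, which is where the reply suggests checking the default policy.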
