Pieter Claassen wrote:
> I know we should be going to ipchains, but we want to get ipfwadm running
> and there is a problem.
>
> We are masquerading between two martian networks and a DMZ with legal IPs
> and everything is working fine as long as we have
>
> ipfwadm -I -p accept
>
> When we set the rules and then deny, everything (ping etc.) works except for DNS
> lookups. We have added
>
> ipfwadm -I -a accept -P tcp (and UDP) -S 0/0 -D 0/0 domain
>
> but still no luck.
>
> Anybody with an idea?
Ensure that the kernel was compiled with `IP: firewall packet logging'
(CONFIG_IP_FIREWALL_VERBOSE), and add
ipfwadm -Ia deny -o
to the end of the rules. This will cause all denied packets to be
logged (at kern.info). This may provide some clues as to what other
packets are involved.
--
Glynn Clements <[EMAIL PROTECTED]>
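As an added example (not part of the thread, and not Glynn's or Pieter's rules), here is a minimal ipfwadm input chain that ends with the logging catch-all suggested above. It also shows the rule a stateless filter needs for DNS that a `-S 0/0 -D 0/0 domain` rule does not cover: replies arrive from source port 53 to an unprivileged destination port on the firewall (including the masquerading port range), so a rule matching only destination port `domain` never accepts them. That this is the cause of the original problem is my assumption, not something the thread confirms. The resolver address 192.0.2.53 is a constructed placeholder; `FW=echo` gives a dry run that prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread. Default-deny ipfwadm input chain that
# still passes DNS, ending with a logged deny so kern.info shows what is dropped.
FW="${FW:-ipfwadm}"                  # set FW=echo to dry-run
RESOLVERS="${RESOLVERS:-192.0.2.53}" # constructed placeholder resolver(s)

# Print the rule set, one ipfwadm argument list per line, in order.
input_rules() {
    echo "-I -f"          # flush the input chain
    echo "-I -p deny"     # default policy: deny (was "accept" in the question)
    for ns in $RESOLVERS; do
        # DNS replies: from the resolver's port 53 to one of our high ports
        # (the 1024:65535 range also covers masqueraded clients' reply ports).
        echo "-I -a accept -P udp -S $ns domain -D 0/0 1024:65535"
        # TCP DNS (truncated answers, zone transfers): -k matches only packets
        # with ACK set, so this does not open new inbound connections.
        echo "-I -a accept -P tcp -k -S $ns domain -D 0/0 1024:65535"
    done
    echo "-I -a deny -o"  # catch-all deny, logged (-o), as in the reply
}

# Feed each rule to ipfwadm (or to whatever FW names); stop on the first failure.
install_rules() {
    input_rules | while read -r args; do
        # shellcheck disable=SC2086  # word-splitting of $args is intended
        $FW $args || return 1
    done
}

if [ "${1:-}" = "apply" ]; then
    install_rules
else
    input_rules           # default: show the rules, change nothing
fi
```

Run it with no arguments to review the rule list, or with `apply` (as root, on a kernel that has CONFIG_IP_FIREWALL and CONFIG_IP_FIREWALL_VERBOSE) to load it. Keep the logging deny as the last rule: with a `deny` policy it adds nothing to the filtering decision, it only makes every dropped packet visible.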