i have 4 machines masqueraded and want to do accounting.
masquerading and routing work fine. masqueraded/outgoing packets are
accounted, but incoming/demasqueraded packets are not.
do i need to add a special rule, or am i doing something wrong?
i'm using 2.2.5-ac1 with isdn updates.
andreas
#! /bin/sh
# Gateway setup: bring up the interfaces, enable forwarding, then load the
# ipchains rule set (forward-chain masquerading for four LAN hosts and two
# input-chain filters on the ISDN interface ippp0).

# Loopback and the internal LAN interface.
ifconfig lo 127.0.0.1
ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255

# Turn on IPv4 forwarding and dynamic-address support.
# ip_dynaddr: any non-zero value enables it; a value above 1 also makes the
# kernel log each address rewrite.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
printf '2\n' > /proc/sys/net/ipv4/ip_dynaddr

# Forwarding: only 192.168.0 <-> ! 192.168.0 (tcp and icmp).
# -F flushes the rules of every chain; only the forward policy is set here,
# so the input and output chains keep whatever policy they already had.
lan_net=192.168.0.0/24
ipchains -F
ipchains -P forward REJECT

# One MASQ rule and one ACCEPT rule per host and protocol, appended in the
# order: tcp MASQ, tcp ACCEPT, icmp MASQ, icmp ACCEPT.
#
# -b installs each rule for both directions (source and destination swapped),
# so the same targets also apply to packets from any non-LAN address to the
# listed host. NOTE(review): confirm that the reverse direction is meant to
# be open, in particular for the MASQ target.
#
# Each ACCEPT rule has exactly the same match as the MASQ rule in front of
# it, so it is only reached if that MASQ rule is missing -- presumably a
# fallback for when the MASQ rule cannot be added; verify.
#
# NOTE(review): on 2.2 kernels a demasqueraded reply is understood to go from
# the input chain straight to the output chain without traversing forward,
# which would explain why these rules show no byte counts for incoming
# traffic -- confirm against the IPCHAINS-HOWTO before relying on it.
for host_octet in 2 10 17 42; do
  for proto in tcp icmp; do
    for target in MASQ ACCEPT; do
      ipchains -A forward -s "192.168.0.${host_octet}/32" -d ! "$lan_net" \
        -b -p "$proto" -j "$target"
    done
  done
done

# On ippp0, accept only UDP packets for DNS.
# The rule rejects (and logs, -l) UDP only when NEITHER port is 53. A packet
# whose source port is 53 therefore passes to any destination port; the
# source port is chosen by the sender, so this is not a "DNS replies only"
# filter on its own.
ipchains -A input -s 0/0 ! 53 -d 0/0 ! 53 -p udp -i ippp0 -l -j REJECT

# On ippp0, accept only TCP SYN packets for ssh.
# -y matches connection-opening segments (SYN set, ACK and FIN clear); those
# aimed at any port other than 22 are rejected and logged. All other TCP
# segments fall through to the input chain's policy, which is not set here.
ipchains -A input -d 0/0 ! 22 -y -p tcp -i ippp0 -l -j REJECT