> -----Original Message-----
> From: Eduardo R�hr [mailto:[EMAIL PROTECTED]]
...
> I've read your configuration file and there's some stuff I don't understand
...
> You have:
> ># Open up *valid* ports to remote connection, DNS, HTTP, FTP
...
> >ipchains -A input -j ACCEPT -p udp -i ppp0 -s 0.0.0.0/0 -d 0.0.0.0/0 518
...
> and then suddenly you have:
>
> >ipchains -A input -j DENY -p tcp -i ppp0 -s 0.0.0.0/0 -d 0.0.0.0/0 1:1023 -l
> >ipchains -A input -j DENY -p udp -i ppp0 -s 0.0.0.0/0 -d 0.0.0.0/0 1:1023 -l
>
> So you deny everything that you opened right one millisecond before... and
> you are not opening ports TO a remote site, you are allowing remote sites TO

The fact is that one builds a list of rules. The order in which these
rules are created is important, since they are checked from top to
bottom. The first rule whose target and source both match is
applied. The remaining rules thus are not considered. Therefore the
above-mentioned combination FIRST opens up all ports that are
acceptable, and THEN closes ALL ports. This means that any
acceptable communication "drops through" the rules *before* the
DENY-all rules are encountered.

> ># No Masquarding between local computers
> >ipchains -A forward -j ACCEPT -s 192.168.0.0/16 -d 192.168.0.0/16
> >ipchains -A forward -j MASQ -s 192.168.0.0/16 -d 0.0.0.0/0
>
> What do you mean with "No Masquerading between local computers" ? If I have
>
> ipchains -A forward -i ppp0 -s 192.168.0.0/16 -j MASQ
>
> is in this way the problem away?

NOPE, but your way, connecting from host 192.168.244.31 to host
192.168.12.13, host 192.168.12.13 won't see where you're coming
from... Seeing the correct origin could be interesting when browsing
log-files a.o.

Merry Greetings from - Z'ge Groetjes vanwege
*** Dieter Demerre ----- [EMAIL PROTECTED] **
http://www.angelfire.com/de/ddemerre/
********************************************
Wanna get rid of idle Processor cycles ?
distributed.net ? Try synchronising outlook.
********************************************
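
The first-match evaluation described in the reply above, as an added example that is not part of the original message: a small Python model of an ipchains-style chain, loaded with the port 518 ACCEPT, the 1:1023 DENY and the forward-chain rules quoted in the thread. The `Rule` class, the `verdict` function, the default ACCEPT policy and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    target: str                  # ACCEPT, DENY or MASQ
    proto: str = "any"           # tcp, udp or any
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: tuple = (0, 65535)   # inclusive destination port range

    def matches(self, pkt):
        lo, hi = self.dports
        return (self.proto in ("any", pkt["proto"])
                and self.iface in ("any", pkt["iface"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and lo <= pkt["dport"] <= hi)

def verdict(chain, pkt, policy="ACCEPT"):
    """Target of the first matching rule; later rules are never consulted."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy                # assumed chain policy when nothing matches

# Rules modelled on the commands quoted in the thread.
ALLOW_518 = Rule("ACCEPT", "udp", "ppp0", dports=(518, 518))
DENY_LOW = [Rule("DENY", "tcp", "ppp0", dports=(1, 1023)),
            Rule("DENY", "udp", "ppp0", dports=(1, 1023))]
INPUT = [ALLOW_518] + DENY_LOW            # order used in the config
INPUT_REVERSED = DENY_LOW + [ALLOW_518]   # DENY first shadows the ACCEPT
FORWARD = [Rule("ACCEPT", src="192.168.0.0/16", dst="192.168.0.0/16"),
           Rule("MASQ", src="192.168.0.0/16")]

def pkt(proto, iface, src, dst, dport):
    return {"proto": proto, "iface": iface, "src": src, "dst": dst, "dport": dport}

# Constructed sample packets (documentation address ranges for remote hosts).
TALK = pkt("udp", "ppp0", "203.0.113.9", "198.51.100.1", 518)
TELNET = pkt("tcp", "ppp0", "203.0.113.9", "198.51.100.1", 23)
LOCAL = pkt("tcp", "eth0", "192.168.244.31", "192.168.12.13", 80)
OUTBOUND = pkt("tcp", "eth0", "192.168.244.31", "203.0.113.9", 80)

if __name__ == "__main__":
    for name, chain, p in [("input", INPUT, TALK), ("reversed", INPUT_REVERSED, TALK),
                           ("input", INPUT, TELNET), ("forward", FORWARD, LOCAL),
                           ("forward", FORWARD, OUTBOUND)]:
        print(name, p["src"], "->", p["dst"], p["dport"], verdict(chain, p))
```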