Hi David,
Thanks for the reply.
I understand that it is resolving, so what is the purpose of the -n
switch, I'm obviously misinterpreting its purpose?
The rule was meant to allow traffic from the internal network address to
come to the eth0, since the follow-up rule refuses any traffic from the
eth0 that is not within the LAN range. Is that still a silly rule?
TIA,
Steve
"David A. Ranch" wrote:
>
> >I am using ipfwadm and am having problems with the box resolving the
> >rules every time, this is a pain as it pulls up the ISDN line and costs a
> >fortune. Here's the test rule I am using:
> >
> >ipfwadm -I -i accept -W eth0 -S 10.10.11.0/255.255.255.0 -D
> >10.10.11.0/255.255.255.0 -n
>
> This is a very silly rule. It says that you are going to accept
> on your ETH0 interface traffic from the 10.10.11.x network going
> to the 10.10.11.x network! It's already there.. why have a
> rule for it?
>
> Also.. this ruleset should have NOTHING to do with your ISDN
> connection.
>
> >If I do 'ipfwadm -Il' it won't show the rule unless the ISDN line is in;
> >ie it brings up the line to confirm the rule. I thought the -n switch
> >would stop this resolving?
>
> This is because it is trying to resolve the IP addresses when you list
> the ruleset. Put your 10.10.11.x network names and addresses in the
> /etc/hosts file and that should help a bunch.
>
> --David
> .----------------------------------------------------------------------------.
> | David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
> !---- ----!
> `----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq