Goderis Karel <[EMAIL PROTECTED]> wrote:
>
> $IPCHAINS -A input -p udp -i $IFINTERNET \
> -s $ALLNETS 4000 \
> -d $INTERNETIP -j ACCEPT
>
> $IPCHAINS -A input -p tcp -y -i $IFINTERNET \
> -s $ALLNETS \
> -d $INTERNETIP 4101:4130 -j ACCEPT -l

Your second rule allows the first "SYN" packet of the TCP connection
(with logging), but you have no rule that will permit the rest of the
TCP packets to proceed through. Append another identical rule, but
without the -y and -l options, and you may see some improvement.

I assume your firewall is denying all other traffic, making these rules
necessary. If that's the case, you should have it log the traffic that
is denied, so that you can spot problems like this.
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
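
The behaviour described in the reply above, modelled as an added example that is not code from the thread: a first-match rule evaluator using the ipchains meaning of -y (SYN set, ACK and FIN cleared), run over the constructed inbound packets of one connection to port 4101. The class, function and constant names are hypothetical; a default DENY policy is assumed, as the reply assumes, and only destination port and TCP flags are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    flags: frozenset  # TCP flags set on the packet, e.g. {"PSH", "ACK"}
    dport: int        # destination port

@dataclass(frozen=True)
class Rule:
    ports: range
    syn_only: bool = False  # models the -y option
    log: bool = False       # models the -l option
    target: str = "ACCEPT"

    def matches(self, pkt):
        if pkt.dport not in self.ports:
            return False
        if self.syn_only:
            # -y matches only when SYN is set and ACK and FIN are cleared
            return "SYN" in pkt.flags and not (pkt.flags & {"ACK", "FIN"})
        return True

def evaluate(chain, pkt, policy="DENY"):
    """First matching rule decides; otherwise the chain policy applies, unlogged."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target, rule.log
    return policy, False

PORTS = range(4101, 4131)                       # 4101:4130 from the quoted rule
SYN_RULE = Rule(PORTS, syn_only=True, log=True) # the quoted TCP rule (-y, -l)
ORIGINAL = [SYN_RULE]
FIXED = [SYN_RULE, Rule(PORTS)]                 # same rule again without -y and -l
FIXED_LOGGED = FIXED + [Rule(range(0, 65536), target="DENY", log=True)]

# Constructed sample: inbound packets of one client connection to port 4101
INBOUND = [Packet(frozenset(f), 4101)
           for f in ({"SYN"}, {"ACK"}, {"PSH", "ACK"}, {"FIN", "ACK"})]

def run(chain, packets=INBOUND):
    return [evaluate(chain, p) for p in packets]

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, run(chain))
```

With the original chain, everything after the SYN is denied without a log entry, which is why the failure is invisible until a final logging DENY rule is in place.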