On Sat, 27 Mar 1999, Fuzzy Fox wrote:

> Jim Kusznir <[EMAIL PROTECTED]> wrote:
> >
> > On Fri, 26 Mar 1999, Fuzzy Fox wrote:
> > >
> > > > >ipchains -A input -j ACCEPT -P tcp -s 0.0.0.0/0 25 \
> > > > > -d GatewayAddress/32 25 -l
> > >
> > > Looking closer at this, I can see why this rule does not work. It says
> > > to allow and log packets from port 25 to port 25. Now, if a client is
> > > attempting to reach your SMTP server, the destination port *will* be 25,
> > > but the source port could be any number at all, and it's very likely
> > > that it will not be 25. So this rule will never trigger.
> >
> > Actually, this is not the case. If we assume this computer is the
> > "gateway" -- it has a real internet IP on one side and the internal lan &
> > IPs on the other, then the above should work -- once you change input to
> > forward. You are forwarding the packet.
>
> Um... are you *sure* about this?
>
> What are the chances of an incoming packet having both a SOURCE port and
> a DESTINATION port of 25? I think the chances are zero, really. :)

Oops... I stand corrected! I apologize for my misinformation and any
confusion this may have caused. (Guess I need some more practice using
IPChains)

-----
Jim Kusznir ([EMAIL PROTECTED])
RidgeNET Tech Support 371-3501
[EMAIL PROTECTED]

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
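The port-matching point settled in this thread, as an added example that is not part of the original messages: a small Python model of how a rule's source-port and destination-port specs are both tested against each packet. The `Rule` and `Packet` classes, the two alternative rules and the sample traffic are constructed for illustration; this is not ipchains code.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int  # source port chosen by the client's TCP stack
    dport: int  # destination port of the service being contacted

def parse_ports(spec: Optional[str]) -> Tuple[int, int]:
    """Port spec in ipchains style: None = any, '25' = one port, '1024:65535' = range."""
    if spec is None:
        return (0, 65535)
    lo, sep, hi = spec.partition(":")
    lo_n = int(lo) if lo else 0
    hi_n = int(hi) if hi else (65535 if sep else lo_n)
    return (lo_n, hi_n)

@dataclass(frozen=True)
class Rule:
    proto: str
    sports: Optional[str]
    dports: Optional[str]

    def matches(self, pkt: Packet) -> bool:
        # Every condition must hold: protocol AND source port AND destination port.
        s_lo, s_hi = parse_ports(self.sports)
        d_lo, d_hi = parse_ports(self.dports)
        return (pkt.proto == self.proto
                and s_lo <= pkt.sport <= s_hi
                and d_lo <= pkt.dport <= d_hi)

# The rule as posted: source port 25 and destination port 25.
AS_POSTED = Rule("tcp", "25", "25")
# Assumed alternatives following the thread's reasoning (not quoted from it):
DEST_ONLY = Rule("tcp", None, "25")           # any source port
UNPRIV_SRC = Rule("tcp", "1024:65535", "25")  # unprivileged source ports only

# Constructed sample traffic: SMTP clients use arbitrary high source ports.
SAMPLE = [
    Packet("tcp", 1047, 25),
    Packet("tcp", 32801, 25),
    Packet("tcp", 61022, 25),
    Packet("tcp", 1050, 80),   # web traffic, must not match
    Packet("udp", 25, 25),     # wrong protocol, must not match
]

def matched(rule: Rule, packets=SAMPLE):
    return [p for p in packets if rule.matches(p)]

if __name__ == "__main__":
    for name, rule in [("as posted", AS_POSTED), ("dest only", DEST_ONLY),
                       ("unpriv src", UNPRIV_SRC)]:
        print(f"{name:10s} matches {len(matched(rule))} of {len(SAMPLE)} packets")
```

The as-posted rule matches none of the SMTP connections in the sample, while both alternatives match all three and still ignore the port 80 and UDP packets.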
