/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
On Wed, 25 Aug 1999, Bruno Melloni wrote:
> As an early setup I did the "no-brains" 2-line ipchains
> configuration setting a deny-all default policy and allow all
> outgoing for masqueraded forwarding.
Two lines? What chain did you deny-all on? If you set the default
policy on the forward chain to deny, that does not imply a default
policy on the input or output chains.
> If ipchains does not protect the firewall machine, can you recommend
> a way to accomplish that?
To protect the firewall machine itself you need rules in the input
chain with the -i argument specifying your external interface.
--
John Hardin KA7OHZ [EMAIL PROTECTED]
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Monty Python's Star Trek Voyager:
A successful trans-warp experiment turns Paris and Janeway into
newts, but they get better.
...wait a minute... It's already been done...
-----------------------------------------------------------------------
5 days until A Civil Campaign is officially released
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
