Re: [masq] [Fwd: nis ipmasquerading]

Thu, 15 Oct 1998 12:51:14 -0400 


>Can someone give me exact ipfwadm rules to keep my external interface
>(eth2) from sending out the packets all over my rogers segment?
>
>Something like ipfadm      ???     udp      ???    24.113.3.19/??
>???/??
>My external interface (eth2) has IP 24.113.3.19 netmask 255.255.252.0.
>My interanl network (eth0) has network number 192.168.1.0 netmask
>255.255.255.0

Well, a few things first:

        1) Your cablemodem ISP is making a HUGE mistake with using
           a 255.255.252.0 subnet mask.  With a mask like this,
           your IP broadcasts can hit a maximum of 1022 hosts!
           Ack!  Oh well.. thought you'd like to know.

        2) How did the other cablemodem person find and then 
                email you?  Another Linux user?

        3) you should be able to DISABLE specific outbound interfaces for
           NIS.  DHCP, BIND, etc does this.. NIS should be able to do it
           too.  That is the proper fix but until you can figure that out,
           do this:

                Make sure you have this at the top:

                        /sbin/ipfwadm -I -f
                        /sbin/ipfwadm -I -p deny
                        /sbin/ipfwadm -O -f
                        /sbin/ipfwadm -O -p deny
                        /sbin/ipfwadm -F -f
                        /sbin/ipfwadm -F -p deny

                Next, try this in your IPFWADM ruleset

                /sbin/ipfwadm -O -a deny -W eth2 -P UDP -S 24.113.3.19/32 111 -D 
0.0.0.0/0


--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Remote Access/Linux/PC hardware      [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Reply via email to