From the man page:
These rules regulate the acceptance of incoming IP
packets. All packets coming in via one of the
local network interfaces are checked against the
input firewall rules. The first rule that matches
with a packet determines the policy to use and will
also cause the rule's packet and byte counters being
adapted. When no matching rule is found, the
default policy for the input firewall is used.
If you deny everything first, then any packet will match
that denial and be rejected (which is the same way
Ciscos do it). Unless I'm horribly confused.
--
Bill Eldridge
Radio Free Asia
[EMAIL PROTECTED]
-----Original Message-----
From: Joachim Feise <[EMAIL PROTECTED]>
To: Bill Eldridge <[EMAIL PROTECTED]>
Cc: Steve Helder <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: Thursday, June 11, 1998 4:54 PM
Subject: Re: [masq] [masq] IP - masquerade setup problems
>Bill Eldridge wrote:
>
>> Order matters, so if you deny everything first, then the rules never
>> meet the allow clauses later. As my first guess.
>> --
>
>That is not quite right, actually, it is wrong.
>For security reasons, you always should deny everything first, and
>subsequently allow things like forwarding.
>Did you enable forwarding in the proc fs? Try adding this line to your rc
>script:
>echo 1 > /proc/sys/net/ipv4/ip_forward
>
>Oh, and please don't send HTML-formatted messages. ASCII is preferred (I
>hope I didn't copy the tags over when I copied the text).
>
>-Joe
>
>> Bill Eldridge
>> Radio Free Asia
>> [EMAIL PROTECTED]
>>
>> -----Original Message-----
>> From: Steve Helder <[EMAIL PROTECTED]>
>> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>> Date: Thursday, June 11, 1998 2:36 PM
>> Subject: [masq] IP - masquerade setup problems
>>
>> I am attempting to use IP-Masquerading on a newly
>> installed Redhat 5.1 Linux box. I am connected to my ISP using
>> PPP and can ping the nameservers from
>> Linux. I have followed the instructions in the Linux IP
>> Masquerade mini HOWTO by Ambrose Au for setting
>> up my Windows 95 machine. After I set it up I can ping the
>> ethernet card on the Linux box, which is
>> 10.0.100.5, but can't get any further (pinging the nameservers). I
>> have set up the ipfwadm -F -p deny and
>> ipfwadm -F -a m -S 10.0.100.0/24 -D 0.0.0.0/0 on the Linux box. I
>> am assuming I am close but missing
>> something. Any assistance would be appreciated.
>>
>> Steve Helder
>
>
>--
>Joachim Feise Microsoft Certified Solution Developer
>mailto:[EMAIL PROTECTED] http://www.ics.uci.edu/~jfeise/
>mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
>---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
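As an added illustration (not part of the thread above), a small Python model of the first-match semantics the quoted man page describes, run over the forwarding setup Steve posted: the default policy set with -p is only consulted when no rule matches, and the kernel will not forward at all while ip_forward is 0. The class and function names are my own.

```python
# Added example, not from the thread: models `ipfwadm -F` first-match evaluation.
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    policy: str                 # "accept", "deny", "reject" or "masquerade"
    src: str = "0.0.0.0/0"      # -S source network
    dst: str = "0.0.0.0/0"      # -D destination network
    packets: int = 0            # per-rule packet counter, as the man page describes
    byte_count: int = 0         # per-rule byte counter

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))


class ForwardChain:
    """An ordered rule list plus a default policy (-p), like the forwarding chain."""

    def __init__(self, default_policy="accept", ip_forward=False):
        self.default_policy = default_policy   # ipfwadm -F -p <policy>
        self.rules = []                        # ipfwadm -F -a ..., in insertion order
        self.ip_forward = ip_forward           # /proc/sys/net/ipv4/ip_forward

    def append(self, rule):
        self.rules.append(rule)

    def decide(self, src_ip, dst_ip, length=64):
        # The kernel checks ip_forward before any forwarding rule is consulted.
        if not self.ip_forward:
            return "not forwarded (ip_forward=0)"
        for rule in self.rules:          # first matching rule wins
            if rule.matches(src_ip, dst_ip):
                rule.packets += 1
                rule.byte_count += length
                return rule.policy
        return self.default_policy       # no rule matched: default policy applies


def steve_setup(ip_forward):
    """Constructed from the two commands Steve posted:
       ipfwadm -F -p deny
       ipfwadm -F -a m -S 10.0.100.0/24 -D 0.0.0.0/0"""
    chain = ForwardChain(default_policy="deny", ip_forward=ip_forward)
    chain.append(Rule("masquerade", src="10.0.100.0/24", dst="0.0.0.0/0"))
    return chain


if __name__ == "__main__":
    chain = steve_setup(ip_forward=True)
    print(chain.decide("10.0.100.5", "198.51.100.53"))   # masquerade
    print(chain.decide("192.0.2.7", "198.51.100.53"))    # deny
    print(steve_setup(ip_forward=False).decide("10.0.100.5", "198.51.100.53"))
```

The sample addresses are constructed; with ip_forward enabled the LAN host is masqueraded and everything else falls through to the deny default, with it disabled nothing is forwarded regardless of the rules.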