Jim Ruby wrote: > [snip] > /sbin/ipchains -P input DENY > /sbin/ipchains -P output DENY > /sbin/ipchains -P forward DENY > /sbin/ipchains -F input > /sbin/ipchains -F output > /sbin/ipchains -F forward > /sbin/ipchains -A input -j ACCEPT -i lo > /sbin/ipchains -A input -j ACCEPT -i eth0 -s 192.168.207.110/255.255.255.0 > /sbin/ipchains -A input -j ACCEPT -i ppp0 -d 209.100.171.123/32 > /sbin/ipchains -A input -j DENY -i ppp0 -s 192.168.207.110/255.255.255.0 -l > /sbin/ipchains -A forward -j MASQ -i ppp0 -s 192.168.207.110/255.255.255.0 > /sbin/ipchains -A output -j ACCEPT -i lo > /sbin/ipchains -A output -j ACCEPT -i eth0 -d 192.168.207.110/255.255.255.0 > /sbin/ipchains -A output -j ACCEPT -i eth0 -d 224.0.0.0/240.0.0.0 -p tcp > /sbin/ipchains -A output -j ACCEPT -i ppp0 -s > 209.100.171.123/255.255.255.255 > /sbin/ipchains -A output -j DENY -i ppp0 -d 192.168.207.110/255.255.255.0 -l > echo "1" > /proc/sys/net/ipv4/ip_forward > [snip some more]
Why all the rules? I usually start out basic. Try these rules instead (from IPCHAINS-HOWTO). ipchains -P forward DENY ipchains -A forward -i ppp0 -j MASQ echo 1 > /proc/sys/net/ipv4/ip_forward If these do not work, let me know, and I will look at my masq box at home to get the rules I use. -- Paul Miller [EMAIL PROTECTED]
