Thanks Will So it looks like I'm denying inputs received on eth0 with IP 63.105.28.151 and when I perhaps should be accepting them??? Does that sound right, given that eth0 is connected to my ISP side?
> /sbin/ipchains -A input -J DENY -i eth0 -d 63.105.28.151/32 > /sbin/ipchains -A input -J DENY -i eth0 -d 63.105.28.255/32 How do I change that? Thanks Stephen -----Original Message----- From: will trillich [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 19, 2001 11:31 AM To: 'debian-user@lists.debian.org' Subject: Re: IPMasqing Act 2 Scene 42 On Tue, Jun 19, 2001 at 10:21:10AM -0700, Stephen Handley wrote: > > OK, > > Here's the latest. Managed to get my server to see domain names etc. However > now my masqued machine can't see anything. The most I can do is PING the > external IP number of the linux box (63.105.28.151). As far as I can tell I > have everything set up correctly. I've attached (typed out) the output of > IPMASQ -v ... can someone take a look and let me know what I'm missing. > Output of ipmasq -v: > > #: interfaces found > #: eth0 63.105.28.151/255.255.255.0 > #: eth1 192.168.0.1/255.255.255.0 > > echo "0" > /proc/sys/net/ipv4/ip_forward > echo "0" > /proc/sys/net/ipv4/ip_always_defrag > > /sbin/ipchains -P input DENY > /sbin/ipchains -P output DENY > /sbin/ipchains -no warnings -P forward DENY > /sbin/ipchains -F input > /sbin/ipchains -F output > /sbin/ipchains -no warnings -F forward > /sbin/ipchains -A input -J ACCEPT -i lo > /sbin/ipchains -A input -J DENY -i lo -s 127.0.0.1/255.0.0.0 -l > /sbin/ipchains -A input -J ACCEPT -i eth1 -d 255.255.255.255/32 > /sbin/ipchains -A input -J ACCEPT -i eth1 -s 192.168.0.1/255.255.255.0 > /sbin/ipchains -A input -J ACCEPT -i eth1 -d 224.0.0.0/4 -p | tcp > /sbin/ipchains -A input -J DENY -i eth0 -d 255.255.255.255/32 > /sbin/ipchains -A input -J DENY -i eth0 -d 63.105.28.151/32 > /sbin/ipchains -A input -J DENY -i eth0 -d 63.105.28.255/32 > /sbin/ipchains -no warnings -A forward -j MASQ -i eth0 -s > 192.168.0.1/255.255.255.0 > > /sbin/ipchains -A output -J ACCEPT -i lo > /sbin/ipchains -A output -J ACCEPT -i eth1 -d 192.168.0.1/255.255.255.0 > /sbin/ipchains -A output -J ACCEPT -i eth1 -d 224.0.0.0/4 -p | tcp > /sbin/ipchains -A output -J DENY -i eth0 -d 192.168.0.1/255.255.255.0 -l > /sbin/ipchains -A output -J ACCEPT -i eth0 -d 63.105.28.151/32 > /sbin/ipchains -A output -J ACCEPT -i eth0 -d 63.105.28.255/32 > > echo "1" > /proc/sys/net/ipv4/ip_forward > echo "1" > /proc/sys/net/ipv4/ip_always_defrag here's my ipmasq ('apt-cache show ipmasq' says v3.4.4) output-- Interfaces found: eth1 208.33.90.85/255.255.255.0 eth0 192.168.1.1/255.255.0.0 /sbin/ipchains -P input DENY /sbin/ipchains -P output DENY /sbin/ipchains -P forward DENY /sbin/ipchains -F input /sbin/ipchains -F output /sbin/ipchains -F forward /sbin/ipchains -A input -j ACCEPT -i lo /sbin/ipchains -A input -j DENY -i !lo -s 127.0.0.1/255.0.0.0 -l /sbin/ipchains -A input -j ACCEPT -i eth0 -s 192.168.1.1/255.255.0.0 /sbin/ipchains -A input -j DENY -i eth1 -s 192.168.1.1/255.255.0.0 -l /sbin/ipchains -A input -j ACCEPT -i eth1 -d 208.33.90.85/32 /sbin/ipchains -A input -j ACCEPT -i eth1 -d 208.33.90.255/32 /sbin/ipchains -A forward -j MASQ -i eth1 -s 192.168.1.1/255.255.0.0 /sbin/ipchains -A output -j ACCEPT -i lo /sbin/ipchains -A output -j ACCEPT -i eth0 -d 192.168.1.1/255.255.0.0 /sbin/ipchains -A output -j ACCEPT -i eth0 -d 224.0.0.0/240.0.0.0 -p ! tcp /sbin/ipchains -A output -j DENY -i eth1 -d 192.168.1.1/255.255.0.0 -l /sbin/ipchains -A output -j ACCEPT -i eth1 -s 208.33.90.85/32 /sbin/ipchains -A output -j ACCEPT -i eth1 -s 208.33.90.255/32 echo "1" > /proc/sys/net/ipv4/ip_forward /sbin/ipchains -M -S 7200 10 160 /sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l /sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l /sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l i'm on 2.2/potato. -- DEBIAN NEWBIE TIP #5 from Will Trillich <[EMAIL PROTECTED]> : What's a "MANPAGE"? It's the documentation you get when you enter "man <something>" such as "man sources.list" or "man interfaces" or "man bash". Also see http://newbieDoc.sourceForge.net/ ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
