Sorry, I forgot one more thing. I meant that I could not ping xxx.xxx.xxx.158 from outside. However, I could ping xxx.xxx.xxx.71 and xxx.xxx.xxx.157.

askar

On 6/28/05, askar ... <[EMAIL PROTECTED]> wrote:
> Hello!
>
> I found out that when I run the iptables rules below:
>
> #!/bin/bash
> IPTABLES='/sbin/iptables'
>
> # Set interface values
> EXTIF='eth1'
> INTIF1='eth0'
>
> # enable ip forwarding in the kernel
> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # flush rules and delete chains
> $IPTABLES -F
> $IPTABLES -X
>
> # enable masquerading to allow LAN internet access
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>
> # forward LAN traffic from $INTIF1 to Internet interface $EXTIF
> $IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> #echo -e " - Allowing access to the SSH server"
> $IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
>
> #echo -e " - Allowing access to the HTTP server"
> #$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT
>
> $IPTABLES -I INPUT --protocol tcp --dport smtp -i INTIF1 -j REJECT
> -------
> ip address of the nic connected to the modem is not pinged.
> But I don't set any restriction for icmp???
>
> In this case I don't use rp-pppoe connection. ADSL modem internally
> has two interfaces lan and wan. Modem has its own static ip, and
> nic has also static ip:
> modem ip xxx.xxx.xxx.157
> modem wan ip xxx.xxx.xxx.71
> eth connected with modem xxx.xxx.xxx.158
>
> askar
>
--
gentoo-user@gentoo.org mailing list