On Tue 20 November 2001 22:21, you (James Francis) wrote:
> > /sbin/ipchains -P forward DENY
> > /sbin/ipchains -A forward -s 192.168.1.2/24 -j MASQ
> > ## I do have other IPchains  installed...
>
> Forgot to mention...make sure you have a rule like the following:
> /sbin/ipchains -A forward -i eth1 -j MASQ after your forward rule above.
>
> eth1 was your connection to the internet on the RH7.1 box.

How may I be sure that unwanted data will not pass through this rule to my 
internal network - that only answers to masqueraded outgoing requests will pass?
Assume that I don't allow incoming connections from the internet side (in the 
rules for input chain), so only ICMP and UDP packets to the internal machine, 
and TCP data packets for a connection established by the internal one should 
be allowed to pass.
Will the rule:
-A forward -d 192.168.1.0/24 -j MASQ
be ok? I don't think so - the destination address is not yet de-masqueraded. 
Right?

--Mariusz


_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
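
Added example, not part of the original messages or any poster's code: a simplified Python model of the Linux 2.2 ipchains packet path, in which a reply to a masqueraded connection is de-masqueraded after the input chain and goes straight to the output chain, so it never traverses the forward chain. The external address 203.0.113.5, the remote hosts used with it, and all class and function names are constructed for illustration; only TCP/UDP-style port mappings are modelled, not ICMP.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # internal subnet from the thread
EXT_IP = "203.0.113.5"  # constructed address for eth1 (documentation range)

# Forward-chain rules as (field, value) pairs; the first two are the thread's rules.
THREAD_RULES = [("src", INTERNAL), ("out_if", "eth1")]
PROPOSED_RULE = ("dst", INTERNAL)  # -A forward -d 192.168.1.0/24 -j MASQ


class Gateway:
    def __init__(self, rules):
        self.rules = rules
        self.masq = {}  # (proto, masq_port) -> (int_ip, int_port, remote_ip, remote_port)
        self.next_port = 61000  # start of the 2.2 default masquerade port range

    def forward(self, src, dst, out_if):
        """Forward chain: first matching rule jumps to MASQ, else policy DENY."""
        pkt = {"src": src, "dst": dst, "out_if": out_if}
        for field, want in self.rules:
            got = pkt[field]
            if got == want or (field != "out_if" and ipaddress.ip_address(got) in want):
                return "MASQ"
        return "DENY"

    def from_lan(self, proto, src, sport, dst, dport):
        """Packet from eth0 routed out eth1; returns rewritten source or None."""
        if self.forward(src, dst, "eth1") != "MASQ":
            return None
        port, self.next_port = self.next_port, self.next_port + 1
        self.masq[(proto, port)] = (src, sport, dst, dport)
        return (EXT_IP, port)

    def from_internet(self, proto, src, sport, dst, dport):
        """Packet arriving on eth1 that already passed the input chain."""
        entry = self.masq.get((proto, dport)) if dst == EXT_IP else None
        if entry and entry[2:] == (src, sport):
            return ("DEMASQ", entry[0], entry[1])  # skips the forward chain
        if dst == EXT_IP:
            return ("LOCAL", dst, dport)  # for the gateway itself, not forwarded
        return (self.forward(src, dst, "eth0"), dst, dport)  # routed toward the LAN
```

In this model the proposed `-d 192.168.1.0/24` rule is never seen by reply packets; the only traffic it can match is a packet already addressed to an internal host, which the thread's two rules leave to the DENY policy.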
