Thanks, David. Your point is a good one, but for one exception...I'm using non-routable IPs behind the firewall. When I turn off the firewall, nothing gets forwarded from the workstations and server behind it.
On Wed, 16 Jan 2002, David Talkington wrote:

> >On Thu, 17 Jan 2002, Andreas Hansson wrote:
> >
> >> For each dnat line, add an accept line in forward:
>
> Andreas' note here brings up another point, Mike. In my (not always)
> humble opinion, it would help you a lot to mentally and physically
> separate the functions of routing and filtering. Your NAT and
> forwarding rules should be in one file, and your packet filtering in
> another. That allows you to isolate the sources of trouble, as well
> as keep those functions separate in your head. In this case, for
> instance, it would have been very desirable to shut down packet
> filtering entirely to ensure that it was not at fault, while leaving
> forwarding/routing rules active.
>
> I have two sets of rules, living at /etc/init.d/router and
> /etc/init.d/firewall, for this reason. This also makes it safe to
> tinker with my routing rules without momentarily leaving my system
> unprotected.
>
> Cheers -d
>
> --
> David Talkington
>
> PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
> --
> http://setiathome.ssl.berkeley.edu/pale_blue_dot.html

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
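Added example, not part of the original thread: a small Python check of Andreas' rule that every DNAT line needs an accept line in FORWARD. It assumes the rules are iptables rules available in `iptables-save` format; the sample ruleset, addresses and function names are constructed for illustration, and only single-address, single-port rules are handled.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (private addresses, not from the thread).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 192.168.1.20:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 192.168.1.10 -p tcp --dport 80 -j ACCEPT
COMMIT
"""

def _opts(tokens):
    """Map each option flag to the token that follows it."""
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def unforwarded_dnat(ruleset):
    """Return (proto, ip, port) for each DNAT target with no FORWARD ACCEPT rule."""
    table, dnat, accepts = None, [], []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if table == "filter" and line.startswith(":FORWARD ACCEPT"):
            return []  # policy ACCEPT: no explicit accept rule is required
        if not line.startswith("-A "):
            continue
        o = _opts(shlex.split(line))
        if table == "nat" and o.get("-j") == "DNAT":
            ip, _, port = o["--to-destination"].partition(":")
            # Without a port rewrite the packet keeps its original --dport.
            dnat.append((o.get("-p"), ip, port or o.get("--dport")))
        elif (table == "filter" and o.get("-A") == "FORWARD"
              and o.get("-j") == "ACCEPT" and "-d" in o):
            net = ipaddress.ip_network(o["-d"], strict=False)
            accepts.append((o.get("-p"), net, o.get("--dport")))
    def covered(proto, ip, port):
        return any(ipaddress.ip_address(ip) in net and p in (None, proto)
                   and d in (None, port) for p, net, d in accepts)
    return [t for t in dnat if not covered(*t)]

if __name__ == "__main__":
    for proto, ip, port in unforwarded_dnat(SAMPLE_RULES):
        print(f"DNAT to {ip}:{port}/{proto} has no matching FORWARD ACCEPT")
```

Because the check reads the nat and filter tables separately, it works the same whether the rules were loaded by one script or by separate router and firewall scripts as David describes.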