[ale] home networking difficulties

Andrew Grimmke grimmke at directvinternet.com
Wed Aug 28 21:46:49 EDT 2002


Much thanks to everybody who helped me.  This is a great community.


On Wed, 2002-08-28 at 20:00, Andrew Grimmke wrote:
> I am up.  Just went and copied an rc.firewall script.  Works perfect. 
> Followed the instructions in the ip-masq howto.  Using iptables.  It's
> all good.
> 
> 
> On Wed, 2002-08-28 at 09:37, Andrew Grimmke wrote:
> > On Wed, 28 August 2002, Jonathan Glass wrote:
> > 
> > > 
> > > What happens if you set your forward policy to
> > > ACCEPT? 
> > 
> > ipchains -L shows that it is.  Although I see what you
> > are talking about below.  Hmm.
> > 
> > > Why aren't you 
> > > using iptables?
> > 
> > The recommendation I have heard is that, unless there
> > is an obvious advantage, ipchains remains an easier
> > solution.  Also, I have heard that iptables does not
> > support a number of services.
> > 
> > > See comments below.
> > > 
> > > Jonathan
> > > 
> > 
> > At 03:54 AM 8/28/2002 -0700, Andrew Grimmke wrote:
> > >On Tue, 27 August 2002, Geoffrey wrote:
> > > > That's the good news.  The bad news is that IP
> > > > forwarding/masquerading does not seem to be working.
> > 
> > <snip some stuff>
> > 
> > > > # 1) Flush the rule tables.
> > > >    /sbin/ipchains -F input
> > > >    /sbin/ipchains -F forward
> > > >    /sbin/ipchains -F output
> > > > # 2) Set the MASQ timings and allow packets in for
> > > > #    DHCP configuration.
> > > >   /sbin/ipchains -M -S 7200 10 60
> > 
> > > Interesting...I've never done this before...
> > 
> > I'm sure the default timings are fine.  What I put in
> > there came straight out of the howto.
> > 
> > > >   /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
> > > > # 3) Deny all forwarding packets except those from
> > > > #    local network.
> > > > #    Masquerade those.
> > 
> > > If you change this line to ... -P forward ACCEPT,
> > > what happens?
> > 
> > I will try.  
> > 
> > > >   /sbin/ipchains -P forward DENY
> > 
> > > Shouldn't you specify which NIC has the 192.168.1.0
> > > network, to prevent IP spoofing?
> > 
> > Thank you.  This is the type of advice I need. 
> > 
> > > >   /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
> > 
> > > > # 4) Load forwarding modules for special services.
> > > >   /sbin/modprobe ip_masq_ftp
> > > >   /sbin/modprobe ip_masq_raudio
> > > >
> > > > did I do something wrong?  Is there anything I
> > > > missed?
> > > >
> > > >  Thanks,
> > > >  Andrew
> > > >
> > > >  Andrew Grimmke
> > > >  Marietta, Georgia
> > 
> > Andrew Grimmke
> > Marietta, Georgia
> > 
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> > sent to listmaster at ale dot org.
> > 
> > 



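The spoofing question raised in the quoted review, as an added example that is not part of the original thread: a small Python checker run over the ipchains commands quoted above (re-joined onto single lines) that flags a forward-chain MASQ rule matching on source address alone, and a forward policy other than DENY. The function names, finding labels and the `eth1` interface used in the test are assumptions made for this example.

```python
import shlex

# Constructed sample: the ipchains commands quoted in the thread, one per line.
THREAD_SCRIPT = """\
# 1) Flush the rule tables.
/sbin/ipchains -F input
/sbin/ipchains -F forward
/sbin/ipchains -F output
/sbin/ipchains -M -S 7200 10 60
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
"""

# Options this checker cares about, mapped to keys in the parsed rule.
OPTS = {"-A": "append", "-P": "policy_chain", "-i": "iface",
        "-s": "source", "-j": "target"}

def parse(line):
    """Parse one ipchains command line; return None for comments and other text."""
    tok = shlex.split(line, comments=True)
    if not tok or not tok[0].endswith("ipchains"):
        return None
    rule = {"text": " ".join(tok)}
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
        if t == "-P" and i + 2 < len(tok):
            rule["policy"] = tok[i + 2]      # e.g. "-P forward DENY"
    return rule

def audit(script):
    """Return (label, detail) findings for a masquerading rule script."""
    findings, forward_policy = [], None
    for line in script.splitlines():
        rule = parse(line)
        if rule is None:
            continue
        if rule.get("policy_chain") == "forward":
            forward_policy = rule.get("policy")
        # MASQ rule that trusts the source address without naming a NIC.
        if (rule.get("append") == "forward" and rule.get("target") == "MASQ"
                and "source" in rule and "iface" not in rule):
            findings.append(("masq-no-interface", rule["text"]))
    if forward_policy != "DENY":
        findings.append(("forward-policy-not-deny", str(forward_policy)))
    return findings

if __name__ == "__main__":
    for finding in audit(THREAD_SCRIPT):
        print(finding)
```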





