
RE: ADSL Masquerading with 2.4.7-10 and ipchains Q



Hi!

On Tue, 30 Oct 2001, Shosh Kalson wrote:

> LAN is on eth1.
>
> I found that in order to get the masquerading to work I had to add the
> following to my firewall script:
>
> ipchains -A input -i eth0 -s 10.0.0.138 -d 10.200.1.1 -j ACCEPT
> ipchains -A output -i eth0 -s 10.200.1.1 -d 10.0.0.138 -j ACCEPT

You probably needed it anyway. In the iptables example you can find
similar lines for the gre tunnel (protocol 47).

>
> I really have no idea if I've opened up a security hole or not (I sure hope
> somebody will tell me if I have <g>)), but it works.

If you do not run the echo service on the linux box you do not risk too
much.

>
> BTW, I notice that I'm blocking packets on eth0 going from
> 10.200.1.1:1025/1026/64715 to 10.0.0.1:53 (PROTO=17).  Can anybody tell me

These are probably DNS lookup queries. Did you define 10.0.0.1 as a DNS
server somewhere in 10.200.1.1?


> what this might be?
>
> Regarding loading modules -- I have the same problem as you -- couldn't load
> the FTP module for example.  So I just commented it out, figuring I'd
> deal with it later.  And, what do you know?  I'm able to FTP from my windows
> boxes.  Maybe somebody can explain/comment?

Sounds like a distro problem (or installation? maybe you did not ask for
iptables/ipchains at install time?).


>
> Regards,
> Shosh Kalson
Dani
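
The reading of the blocked PROTO=17 packets to port 53 as DNS lookups can be checked against the firewall log itself. The following is an added example, not part of the original thread: a small Python parser for ipchains `-l` log entries that groups denied packets by kind. The sample lines, the host name `gw`, the rule numbers and the `output` chain are constructed assumptions.

```python
import re
from collections import Counter

# Layout of an ipchains "-l" log entry (per the IPCHAINS-HOWTO):
#   Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> L=...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+) "
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre"}

# Constructed sample lines (assumed host name, chain and rule numbers).
SAMPLE_LOG = """\
Oct 30 21:14:02 gw kernel: Packet log: output DENY eth0 PROTO=17 10.200.1.1:1025 10.0.0.1:53 L=58 S=0x00 I=4211 F=0x0000 T=64 (#7)
Oct 30 21:14:07 gw kernel: Packet log: output DENY eth0 PROTO=17 10.200.1.1:1026 10.0.0.1:53 L=58 S=0x00 I=4212 F=0x0000 T=64 (#7)
Oct 30 21:15:31 gw kernel: Packet log: output DENY eth0 PROTO=17 10.200.1.1:64715 10.0.0.1:53 L=61 S=0x00 I=4290 F=0x0000 T=64 (#7)
Oct 30 21:16:10 gw kernel: Packet log: input DENY eth0 PROTO=6 10.0.0.138:1040 10.200.1.1:113 L=44 S=0x00 I=901 F=0x0000 T=63 SYN (#9)
"""

def parse(line):
    """Return the fields of one log entry, or None if the line is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def classify(rec):
    """Label a packet; port 53 with an unprivileged peer port is treated as DNS."""
    proto = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    if rec["proto"] in (6, 17):
        if rec["dport"] == 53 and rec["sport"] >= 1024:
            return f"DNS query ({proto}) {rec['src']} -> {rec['dst']}"
        if rec["sport"] == 53 and rec["dport"] >= 1024:
            return f"DNS reply ({proto}) {rec['src']} -> {rec['dst']}"
    return f"other {proto} {rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']}"

def summarize(log_text):
    """Count logged packets per (chain, verdict, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is not None:
            counts[(rec["chain"], rec["verdict"], classify(rec))] += 1
    return counts
```

Running `summarize()` over the real kernel log shows which resolver address the box is querying, which can then be compared with the nameserver entries configured on it.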

