Re: PRIV: 2.1.102: ipchains: REJECT does only DENY - network gurus please
Mon, 18 May 1998 06:08:04 +0200

On Sun, May 17, 1998 at 06:28:11PM +0200, Steffen Zahn wrote:
> >>>>> "ak" == ak <> writes:
> ak> Why use firewalling at all then? The forwarder will send a
> ak> DEST_UNREACHable when it can't find a route automatically. In
> ak> extreme cases you could use a reject route.
> Well, I don't find the above statement to be the case (in 2.1.102).
> If I set all firewall chains to ACCEPT, i.e. ipchains -L gives:
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> then the packets from the client taliesin to the unreachable DNS server
> via the server zahn get no negative ack.

What does your routing table look like? That works when you have _no_
route, but when you use dial-on-demand there is a route of course.
You could use a reject route with the source address of the private
network in your case.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to