Re: Problems with MASQ

Glynn Clements (
Sun, 14 Mar 1999 17:26:30 +0000 (GMT)

Eugen A. Onoi wrote:

> I tried to configure IP Masq using kernel 2.2.2 and ipchains 1.3.8
> kernel built with masq support and this ipchains settings:
> ipchains -P forward DENY
> ipchains -A forward -j MASQ -s -d
> but this doesn't work for me :(
> with 2.0.36 kernel and ipfwadm all was fine
> Can anyone explain me what I'm doing wrong ?

Not offhand. However, a useful technique for debugging firewall rules
which seem to block too much traffic is to add a catch-all logging
rule to the end of the list, e.g.

ipchains -A forward -j DENY -l

This will log all of the packets which fail to match any other rule,
and so would be subject to the policy (-P) setting.

Glynn Clements <>
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to