Re: Problems with MASQ

Glynn Clements (glynn@sensei.co.uk)
Sun, 14 Mar 1999 17:26:30 +0000 (GMT)


Eugen A. Onoi wrote:

> I tried to configure IP Masq using kernel 2.2.2 and ipchains 1.3.8
> kernel built with masq support and this ipchains settings:
> ipchains -P forward DENY
> ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
> but this doesn't work for me :(
>
> with 2.0.36 kernel and ipfwadm all was fine
> Can anyone explain me what I'm doing wrong ?

Not offhand. However, a useful technique for debugging firewall rules
which seem to block too much traffic is to add a catch-all logging
rule to the end of the list, e.g.

ipchains -A forward -j DENY -l

This will log all of the packets which fail to match any other rule,
and so would be subject to the policy (-P) setting.

-- 
Glynn Clements <glynn@sensei.co.uk>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu