Re: Firewalling and MASQ

Glynn Clements (glynn@sensei.co.uk)
Thu, 9 Dec 1999 06:40:11 +0100 (GMT--1:00)


Stephen L. Favor wrote:

> I would like to configure a box to forward only TCP and
> UDP packets associated with a MASQ session and I can't quite
> figure out a way to do it. I can open 61000:65096 to the world
> and MASQ works fine, but I would prefer only let the ports with
> active sessions through the firewall. Can anyone tell me how to
> do this?

Replies to masqueraded packets pass the forwarding chain
automatically, so you can just configure the forwarding chain to
reject all inbound packets.

-- 
Glynn Clements <glynn@sensei.co.uk>

- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu