[H-GEN] ip masq progressing one prob remains

Ben Carlyle benc at foxboro.com.au
Thu Sep 30 02:51:11 EDT 1999


[ Humbug *General* list - semi-serious discussions about Humbug and
Unix-related topics. ]

staeci at yahoo.com wrote:

> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0


Everything looks fine here, as Michael said.
I have no further comments on your problem at this time, as
everything you're doing appears to be correct.  As an aside,
however, I would add that I very much dislike solely IP address-
based firewall rules.  As a matter of course, I always add an
interface option to this to ensure that you are only routing
for 192.168.0.x on eth0.  It's always possible that someone with
enough cleverness could ask your computer to route from
192.168.0.x on your ppp0, and make your machine the source of
all sorts of nastiness.  Adding the interface option makes this
kind of attack extremely difficult.


Benjamin.

--
This is list (humbug) general handled by majordomo at lists.humbug.org.au .
Postings only from subscribed addresses of lists general or general-post.
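
A small lint for the advice in the reply above, as an added example that is not part of the original post: it scans an ipchains script for `-A` rules that match on a specific source or destination address but name no interface with `-i`. The third sample rule and its `-i eth0` value are constructed for illustration.

```python
import shlex

# Rules 1-2 are the ones quoted in the thread. Rule 3 is constructed: it adds
# "-i eth0" per the reply's description; the right interface depends on the
# chain and the host, and this lint only checks that one is named.
SAMPLE = """\
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
/sbin/ipchains -A forward -i eth0 -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
"""

ANY_ADDRESS = {"0.0.0.0/0", "0/0"}


def parse_rule(line):
    """Return {flag: [values]} for an 'ipchains -A ...' line, or None otherwise."""
    tokens = shlex.split(line, comments=True)
    if not tokens or not tokens[0].endswith("ipchains"):
        return None
    opts, i = {}, 1
    while i < len(tokens):
        flag, i = tokens[i], i + 1
        if not flag.startswith("-"):
            continue
        value = []
        # Collect everything up to the next flag ("!" negation, optional port).
        while i < len(tokens) and not tokens[i].startswith("-"):
            value.append(tokens[i])
            i += 1
        opts[flag] = value
    return opts if "-A" in opts else None


def is_specific(value):
    """True when a -s/-d value names an address other than 'anywhere'."""
    addr = next((t for t in value or [] if t != "!"), None)
    return addr is not None and addr not in ANY_ADDRESS


def address_only_rules(script):
    """Return (line_no, rule) for -A rules that filter on an address but no -i."""
    findings = []
    for n, line in enumerate(script.splitlines(), 1):
        opts = parse_rule(line)
        if opts and "-i" not in opts and (
            is_specific(opts.get("-s")) or is_specific(opts.get("-d"))
        ):
            findings.append((n, line.strip()))
    return findings
```

Calling `address_only_rules(SAMPLE)` reports only line 2, the rule quoted in the thread; policy lines (`-P`) are skipped.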


