[H-GEN] Ipchains

yh tan yh at techie.com
Sun Apr 23 03:10:52 EDT 2000


[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics.  Please observe the list's charter.          ]

Hello,

as i was toggling the knobs on my "gateway" machine's ipchains, i realise my
error lies in the chains sequential filtering rules.

.Query 1.
i need some advice on the Forward Policy ruling. let's say i'm MASQ the
traffic from 10.10.10.0/24 to anywhere. and i would like to deny some
forwarding request, for example, outgoing FTP. If my output & input are on
already in ACCEPT mode.

On the forward chain: do i first insert MASQ rule, then the deny ftp rule,
then the allow all others? is this sequence appropriate?

like to hear your different opinions on ipchains.

.Query 2.
the input ftp request has some problem establishing the "data socket". is it
gotta do with the unprivilege ports?


Cheers,
yh

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.



More information about the General mailing list