Ipchains Woes

Steve Holmes plug-discuss@lists.plug.phoenix.az.us
Mon, 25 Feb 2002 05:32:07 -0700 (MST)


I'm running a 2.2.20 kernel thus use ipchains for the firewall.  What I am
trying to do is fairly basic; I have a recent copy of endoshield, a common
firewall script which I ported to use ipchains as well as iptables.  My
problem is when I run the script, I lose all connectivity with the outside
world.  The behavior completely changes as soon as the default policy is
changed on the input chain.  When it is ACCEPT, all gets through fine;
obviously not good for firewall purposes but I can get out.  As soon as it
goes to DENY, I can no longer get through.  The default policy for forward
chain is always set to DENY and the output chain is ACCEPT.  The
/proc/sys/net/ip_forward is set to 1 for ip masquerade and I have a
variety of rules set to open desired ports. Those rules are a part of a
custom chain called inet-in and inet-in is linked to the input chain.

I know this all sounds vague at the moment but if anyone knows much about
ipchains, I'll be glad to share the script I am using with them to compare
for any possible errors.  I could post it to the list but it is quite lengthy
so I think I'll hold off unless there is enough interest:).

Any ideas or help would be greatly appreciated.  BTW, I have an ip
masqueraded network of several machines and the masquerade portion has
been working great all along and still does when I can this new firewall
implementation:).
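A minimal ipchains skeleton, added here as an example and not the poster's endoshield port: ipchains is a stateless filter, so once the input policy is DENY every reply packet to a connection this host (or a masqueraded client) opened is dropped unless an explicit ACCEPT on the input chain matches it. That is the first thing to check when flipping the policy from ACCEPT to DENY kills all connectivity while output stays ACCEPT. Interface names, the LAN range and the opened service port are assumptions; by default the script only prints the rules it would load so the ordering can be reviewed against a real script.

```shell
#!/bin/sh
# Minimal ipchains skeleton: default DENY on input plus the return-traffic
# rules a stateless packet filter needs.  Added example, not the poster's
# endoshield port.  Interface names, the LAN range and the example service
# port are assumptions.
#
# By default the commands are only printed (IPCHAINS="echo ipchains") so the
# ruleset can be reviewed; run with the argument "apply" as root on a 2.2
# kernel to load it for real.
IPCHAINS="${IPCHAINS:-echo ipchains}"
EXT_IF="${EXT_IF:-eth0}"        # assumed Internet-facing interface
INT_IF="${INT_IF:-eth1}"        # assumed LAN interface
LAN="${LAN:-192.168.1.0/24}"    # assumed masqueraded LAN

flush_chains() {
    $IPCHAINS -F input
    $IPCHAINS -F forward
    $IPCHAINS -F output
    # The custom chain may not exist yet on the first run; ignore the error.
    $IPCHAINS -F inet-in 2>/dev/null
    $IPCHAINS -X inet-in 2>/dev/null
}

set_policies() {
    $IPCHAINS -P input DENY
    $IPCHAINS -P forward DENY
    $IPCHAINS -P output ACCEPT
}

# These ACCEPT rules must be on the input chain when the policy is DENY,
# otherwise every reply to a connection opened from this box (or from a
# masqueraded client) is dropped and the host looks cut off from the net.
allow_return_traffic() {
    # Loopback: local resolvers and daemons talk to 127.0.0.1.
    $IPCHAINS -A input -i lo -j ACCEPT
    # Packets arriving from the internal LAN are trusted.
    $IPCHAINS -A input -i "$INT_IF" -s "$LAN" -j ACCEPT
    # TCP replies: "-y" matches SYN-only packets, "! -y" everything else,
    # i.e. segments of sessions we initiated.  Fresh inbound SYNs still
    # fall through to the inet-in chain below.
    $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT
    # UDP has no handshake; allow DNS answers back to unprivileged ports.
    $IPCHAINS -A input -i "$EXT_IF" -p udp -s 0/0 53 -d 0/0 1024:65535 -j ACCEPT
    # ICMP errors and echo replies; tighten to specific types once it works.
    $IPCHAINS -A input -i "$EXT_IF" -p icmp -j ACCEPT
}

# Services deliberately opened to the outside live in their own chain,
# the same layout the post describes (inet-in linked from input).
open_inbound_services() {
    $IPCHAINS -N inet-in
    # Example service: SSH (port 22 is an assumption, substitute your own).
    $IPCHAINS -A inet-in -p tcp -d 0/0 22 -j ACCEPT
    # Hand remaining external packets to the custom chain.
    $IPCHAINS -A input -i "$EXT_IF" -j inet-in
    # Whatever survives hits the policy; log it first so a blocked reply
    # shows up in the kernel log instead of the connection silently hanging.
    $IPCHAINS -A input -i "$EXT_IF" -l -j DENY
}

enable_masquerade() {
    # The forward policy is DENY, so only traffic from the LAN is masqueraded.
    $IPCHAINS -A forward -i "$EXT_IF" -s "$LAN" -j MASQ
}

# Emits (or loads) the whole ruleset in the order that matters.
build_ruleset() {
    flush_chains
    set_policies
    allow_return_traffic
    open_inbound_services
    enable_masquerade
}

# Scans a printed ruleset for the classic cause of "DENY kills everything":
# no accept for non-SYN TCP on the input chain.
has_return_rule() {
    printf '%s\n' "$1" | grep -q -- '-A input .* -p tcp ! -y -j ACCEPT'
}

if [ "${1:-}" = "apply" ]; then
    IPCHAINS=ipchains
fi
build_ruleset
```

Running the script with no argument prints the rules in load order; the non-SYN accept has to appear before the logging DENY, and when an existing script is pasted through `has_return_rule` the absence of such a line is a quick way to spot why a DENY policy blocks all outbound sessions.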