Ipchains Woes

David A. Sinck plug-discuss@lists.plug.phoenix.az.us
Mon, 25 Feb 2002 14:45:29 -0700


\_ SMTP quoth Steve Holmes on 2/25/2002 14:30 as having spake thusly:
\_
\_ Actually, I can't do it from the firewall box nor the inside.  One thing I
\_ can tell for sure, I can communicate back and forth between the local
\_ boxes but nobody can get outside with ping, traceroute, dig or any of
\_ those good buddies.  The forward chain does look identical to what you
\_ suggested below.  I need to dig into the input chain, I believe.  This
\_ package script uses an inet-in rule to set up the various permissions and
\_ the internet device (network card) is defaulted to this internet rule.  If
\_ allowed through, those ports are '-j ACCEPT'.  But devices lo (loopback)
\_ and LAN card (eth0 in my case) both default to input -j ACCEPT so they
\_ should be getting through no matter what, I would think.  So I'm either
\_ missing something or there may be a bug in my implementation of ipchains.

You may need to -j ACCEPT in masquerade chain for trusted devices?

David