[TCLUG] IP Chains

[Shawn]

After doing some more digging, and reading a bit more, I found that if I put
these two lines in:

ipchains -P forward DENY
ipchains -A forward -i ppp0 -j MASQ

things work.  Though, now this leads me to think that if the above works with a
dialing device, would the one you suggest below be for an ethernet device?  I
admit to having not tried yours below Jay, but this is a thought for some more
understanding on my end.

Also, I admit to being a bit naive on this.  But, the the heck is CIDR?


"Austad, Jay" wrote:

> Try changing:
> ipchains -A forward -j MASQ -s 10.0.0.0/99 -d 0.0.0.0/0
> to
> ipchains -A forward -j MASQ -s 10.0.0.0/8 -d 0.0.0.0/0
>
> Make sure your internal ip's on your network are 10.x.x.x addresses,
> otherwise you need to modify the -s option.  ipchains shouldn't even take 99
> as an option as you can only have a maximum of /32 there.  This is the
> netmask in CIDR format.
>
> Jay