[Gllug] ipchains, nat and hosts.allow

Rhys Hopkins rhys.hopkins at culver-tec.com
Thu Dec 5 13:21:41 UTC 2002


> 
> I think I need to sit down and read through the ipchains 
> documentation properly again, but every time I've tried I get 
> thoroughly confused!  I'm wondering if I need to enable syn 
> packets or something, or if the order of the ipchains rules matters?  

Yes indeed, the order is very important. Packets are tested against each
rule in order to see if they match.

If a packet matches a rule, it will jump to the target specified by that rule.
If it does not match, the next rule is checked.
If no rules have matched and the end of the chain is reached, the policy for
the chain is applied.

So if you have the first rule matching all packets and jumping to DENY or
REJECT, no packets will ever get through.

Try using the -I option with ipchains instead of -A:

ipchains -I input -j ACCEPT -i ppp0 -p tcp -s 0.0.0.0/0 -d 192.168.X.X http
ipchains -I output -j ACCEPT -i ppp0 -p tcp -s 192.168.X.X http -d 0.0.0.0/0

This will insert your rule at the start of the respective chain.

Showing us a listing of your ipchains setup generated from "ipchains -L"
would be helpful.


Rhys.


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
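
The first-match behaviour described in the reply above, as an added example that is not part of the original message: a small Python model of one chain, comparing a rule appended (-A) after a catch-all DENY with the same rule inserted (-I) at the start. The class names, the address 192.168.0.10 (standing in for the elided 192.168.X.X) and the sample packets are constructed for illustration.

```python
# Added illustration (not from the original post): a minimal model of how an
# ipchains chain is walked. First matching rule wins; otherwise the policy applies.
from dataclasses import dataclass, field

@dataclass
class Rule:
    target: str                                  # ACCEPT, DENY or REJECT
    match: dict = field(default_factory=dict)    # empty dict matches every packet

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

@dataclass
class Chain:
    policy: str
    rules: list = field(default_factory=list)

    def append(self, rule):          # like ipchains -A: add at the end
        self.rules.append(rule)

    def insert(self, rule):          # like ipchains -I: add at the start
        self.rules.insert(0, rule)

    def verdict(self, pkt):
        """Return (target, rule number that decided), or (policy, None)."""
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.target, number
        return self.policy, None     # end of chain reached: policy decides

# Constructed sample data: 192.168.0.10 stands in for the elided 192.168.X.X.
HTTP_IN = {"iface": "ppp0", "proto": "tcp", "dst": "192.168.0.10", "dport": 80}
SSH_IN = {"iface": "ppp0", "proto": "tcp", "dst": "192.168.0.10", "dport": 22}
ALLOW_HTTP = Rule("ACCEPT", dict(HTTP_IN))

def build(how):
    """Start with a catch-all DENY as rule 1, then add ALLOW_HTTP via `how`."""
    chain = Chain(policy="ACCEPT", rules=[Rule("DENY")])
    getattr(chain, how)(ALLOW_HTTP)
    return chain

if __name__ == "__main__":
    for how in ("append", "insert"):
        chain = build(how)
        print(how, "http:", chain.verdict(HTTP_IN), "ssh:", chain.verdict(SSH_IN))
```

The rule number returned with each verdict shows which rule decided the packet, which is the same thing to look for when reading "ipchains -L" output from top to bottom.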