On Wed, 22 Jan 2003 erich@uruk.org wrote:

> I figured out how to keep masquerading only going one direction, but
> what I can't figure out is how to disable all normal packet forwarding
> other than the masqueraded connections with iptables. I.e. someone on
> the other side who knows my internal IP addressing can still send
> crafted packets through my firewall.

What if you add rules to the filter table that prevent packets from
"entering" eth0 unless they have a destination address of eth0? A similar
suggestion applies to eth1.

--
Ilguiz Latypov
Net Integration Technologies, Inc
tel. +1 (514) 281 9191 x 117

P.S. Thanks for GRUB :-)