Pascal, et al -- ...and then P.Italiaander said... % ... % At first I thought somebody would notice ,but you have a hugh hole in your % firewall : % so you do: % % Chain INPUT (policy DROP) % target prot opt source destination % ACCEPT all -- anywhere anywhere % ACCEPT all -- anywhere anywhere state % RELATED,ESTABLISHED Hmmm... Yes, now that you've pointed it out I see that :-) At this point I don't actually care, because I'm having so much trouble trying to get NATting to work. But I certainly don't want to stick with this! I've decided to give up on the SuSEfirewall2 front end and write the rules myself. For one thing, I *don't* have a ppp interface; I use eth0 and eth1! I wonder if I even have forwarding compiled into the kernel, though. Per the 'Masqerading Made Simple' HOWTO I tried linux:~ #modprobe ipt_MASQERADE modprobe: Can't locate module ipt_MASQERADE so it isn't a module and yet forwarding doesn't seem to work. For a last try (before starting over completely) I will try your % iptables -A FORWARD -m state --state NEW -i $int_if -o $ext_if -j ACCEPT suggestion as well. Thanks a bunch & HAND :-D -- David T-G * There is too much animal courage in (play) davidtg@xxxxxxxxxxxxxxx * society and not sufficient moral courage. (work) davidtgwork@xxxxxxxxxxxxxxx -- Mary Baker Eddy, "Science and Health" http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
Attachment:
pgp00440.pgp
Description: PGP signature
