Sorry my apologies, I am not running ipchains but iptables got that confused as I recently upgraded this box here are my iptables *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Lokkit-0-50-INPUT - [0:0] -A INPUT -j RH-Lokkit-0-50-INPUT -A FORWARD -j RH-Lokkit-0-50-INPUT -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT -A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT -A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.189.54.17 --sport 53 -d 0/0 -j ACCEPT -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 203.8.131.1 --sport 53 -d 0/0 -j ACCEPT -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.189.54.33 --sport 53 -d 0/0 -j ACCEPT -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT COMMIT What do I need to add to get masquerading working? -Simon > You are setup completely incorrectly. > > service ipchains stop > service iptables start > rpm -e ipchains > > Investigate both http://www.netfilter.org and http://ipmasq.cjb.net/ > for information. The example scripts on the latter site work nicely > in almost all cases. There are also numerous iptables configuration > tools out there if you wish to go that route. > > (Ipchains is an emulation in recent kernels. It is an incomplete > emulation. Many streaming and ftp features you may want do not work > well with it. Therefore the change to iptables is highly recommended. > I suffered through trying to make ipchains work and finally gave it > up as a bad effort after many hours of work. It took me about an > hour of reading until I found the second site and its examples above. > >From there it was an easy effort to get my basics working. The custom > stuff took a little more time, but not as much as I expected it would.) -- Psyche-list mailing list Psyche-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/psyche-list
