
RE: nat masquerade router



At 11:29 6/15/2004, Michael Floyd wrote:
Well I see that you're using a 24 bit subnet mask ( 255.255.255.0 ) not a 16
bit ( 255.255.0.0 )
It would be your firewall rules that are blocking you.....
These three lines......
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP

the ip's should be 192.168.1.0/24 not 192.168.0.0/16
the way it's written, you drop everything on your subnet.

Maybe, but I don't think so... for two reasons:


1. The first rule that matches is applied. So his rule accepting traffic from 192.168.0.0/16 (any IP in that range) comes before the rule that drops all traffic not coming from that range.

2. Subnets for routing are one thing, but for firewalling the netmask is used only to calculate the IP range involved. So 192.168.0.0/16 will effectively cover *every single address* in 192.168.XXX.YYY for any valid values of XXX and YYY.

I may be wrong... but this is how I see it.

P.S. Michael, could you delete (trim) the portion of the previous message not used in your response? It's really not nice to force the next guy replying to clean up after you. Thanks!

Cheers,


-- Rodolfo J. Paiz rpaiz simpaticus com http://www.simpaticus.com
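As an added illustration of the two points above (first match wins, and a /16 covers every 192.168.x.y address), here is a small Python model of the quoted FORWARD chain. It is not code from this thread; the chain's default policy is assumed to be ACCEPT because the original post does not show a -P line, and the example also builds the /24 variant Michael suggested so the two can be compared.

```python
# Added example, not from the original thread: a minimal model of the quoted
# FORWARD chain, evaluated with netfilter's first-match semantics.
from ipaddress import ip_address, ip_network

def build_chain(lan):
    """The three quoted rules, in -A (append) order, for a given LAN prefix.
    Each rule is (match key, network, negated?, target)."""
    net = ip_network(lan)
    return [
        ("src", net, False, "ACCEPT"),   # -s <lan> -j ACCEPT
        ("dst", net, False, "ACCEPT"),   # -d <lan> -j ACCEPT
        ("src", net, True,  "DROP"),     # -s ! <lan> -j DROP
    ]

# The chain exactly as quoted in the thread (192.168.0.0/16).
FORWARD_CHAIN = build_chain("192.168.0.0/16")

def rule_matches(rule, src, dst):
    """True if a single rule's address test matches this packet."""
    key, net, negated, _ = rule
    addr = ip_address(src) if key == "src" else ip_address(dst)
    in_net = addr in net          # CIDR test: only the prefix bits must agree
    return in_net != negated      # '!' inverts the match

def forward_verdict(src, dst, chain=FORWARD_CHAIN, policy="ACCEPT"):
    """Walk the chain top to bottom; the first rule that matches decides.
    If nothing matches, the chain policy applies (assumed ACCEPT here)."""
    for rule in chain:
        if rule_matches(rule, src, dst):
            return rule[3]
    return policy

if __name__ == "__main__":
    # LAN host on 192.168.1.0/24 going out: the first rule already accepts it.
    print(forward_verdict("192.168.1.50", "203.0.113.7"))   # ACCEPT
    # Reply coming back to that host: the second (-d) rule accepts it.
    print(forward_verdict("203.0.113.7", "192.168.1.50"))   # ACCEPT
    # Neither end inside the /16: only the negated DROP rule matches.
    print(forward_verdict("10.0.0.5", "203.0.113.7"))       # DROP
    # With the /24 variant, a host on 192.168.2.x would be dropped instead.
    narrow = build_chain("192.168.1.0/24")
    print(forward_verdict("192.168.2.9", "203.0.113.7", narrow))  # DROP
```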


