nat masquerade router
Rodolfo J. Paiz
rpaiz at simpaticus.com
Tue Jun 15 18:06:54 UTC 2004
At 11:29 6/15/2004, Michael Floyd wrote:
>Well I see that you're using a 24 bit subnet mask ( 255.255.255.0 ) not a 16
>bit ( 255.255.0.0 )
>It would be your firewall rules that are blocking you.....
>These two lines......
># iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
># iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
># iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
>
>the IPs should be 192.168.1.0/24 not 192.168.0.0/16
>the way it's written, you drop everything on your subnet.

Maybe, but I don't think so... for two reasons:

1. The first rule that matches is applied. So his rule accepting
   traffic from 192.168.0.0/16 (any IP in that range) comes before the rule
   that drops all traffic not coming from that range.

2. Subnets for routing are one thing, but for firewalling the
   netmask is used only to calculate the IP range involved. So 192.168.0.0/16
   will effectively cover *every single address* in 192.168.XXX.YYY for any
   valid values of XXX and YYY.

I may be wrong... but this is how I see it.

P.S. Michael, could you delete (trim) the portion of the previous message
not used in your response? It's really not nice to force the next guy
replying to clean up after you. Thanks!

Cheers,
--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
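
The first-match reasoning in the message above, as an added example that is not part of the original thread: a small Python model of the three quoted FORWARD rules, evaluated in chain order against constructed sample packets. The `chain` and `evaluate` helpers, the sample addresses and the ACCEPT chain policy are assumptions made for illustration.

```python
import ipaddress

def chain(network):
    """The three FORWARD rules quoted in the thread, in order, for a given CIDR.
    Each rule is (field, negated, network, target); negated models the '!' match."""
    return [
        ("src", False, network, "ACCEPT"),
        ("dst", False, network, "ACCEPT"),
        ("src", True,  network, "DROP"),
    ]

def evaluate(src, dst, rules, policy="ACCEPT"):
    """Return (target, rule_number) of the first matching rule.
    rule_number 0 means no rule matched and the (assumed) chain policy applied."""
    addrs = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for number, (field, negated, network, target) in enumerate(rules, start=1):
        in_net = addrs[field] in ipaddress.ip_network(network)
        if in_net != negated:          # plain match, or inverted match for '!'
            return target, number
    return policy, 0

# Constructed sample packets (source, destination); not taken from the thread.
PACKETS = [
    ("192.168.1.10",  "203.0.113.5"),   # LAN host going out
    ("192.168.200.7", "203.0.113.5"),   # other host inside 192.168.0.0/16
    ("203.0.113.5",   "192.168.1.10"),  # outside host sending to the LAN
    ("203.0.113.5",   "198.51.100.9"),  # neither end inside the range
]

def compare():
    """Verdicts for every sample packet under the /16 rules and the /24 variant."""
    wide, narrow = chain("192.168.0.0/16"), chain("192.168.1.0/24")
    return [(s, d, evaluate(s, d, wide), evaluate(s, d, narrow)) for s, d in PACKETS]

if __name__ == "__main__":
    for src, dst, wide, narrow in compare():
        print(f"{src:>14} -> {dst:<13} /16: {wide}   /24: {narrow}")
```

With the /16 rules, the DROP rule is only reached by packets whose source and destination are both outside 192.168.0.0/16; narrowing all three rules to 192.168.1.0/24 changes the verdict only for hosts such as 192.168.200.7.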