From: Greg Stewart (stewartg@freeze.com)
Date: Tue Jul 25 2000 - 18:50:23 PDT
This got kinda' long, but...
I wonder: when you have a connection, and your 1 network can access the internet, is the 192.168.3.0 network?
I'm not that great with ipchains rules and configuration, but if that's the case, maybe ipchains is only registering the last line in your ACCEPT rule set.
You could try commenting out two of those rules, and change the line you leave to the following:
#UNRESTRICTED ACCESS
$IPCHAINS -A input -s 192.168.0.0/255.255.255.0 -d
$REMOTENET -j ACCEPT
It really is just a guess, but it could be worth a shot...
If someone thinks I have ipchains completely confused, please let me know... But, I think, from that damned MCSE class I took, that for each byte from the left of the ip address for which you specify a number other than 0, you're actually narrowing down the range. If I have this one correct (and that could be a long shot) unless you open up the range and specify both bytes on the right of the address, you're actually limiting the number of hosts in the subnet.
Also, if you're going to free up 2 or 3 bits from the right side of the 4th byte (second byte to the right) you may need a subnet mask of 255.255.248.0 this way you'll be able to have the following bits available for host addresses: 11111111.11111111.11111000.00000000
The last byte to the right will give you 252 hosts on each of 5 subnets under the same subnet mask (god...this was NOT my strong point in the class!!!).
I hope I'm not hashing this to death, and that it ay actually be helpful.
Please, if anyone can correct me, do so---I need all the help here I can get!!! :)
--Greg
> Basically here is what i have. In my pmfirewall.rules.local file this is
> the entry that i have based 3 class c address's.
>
> ### AUTOMATICALLY GENERATED BY THE INSTALL
> SCRIPT ###
>
> #UNRESTRICTED ACCESS
> $IPCHAINS -A input -s 192.168.1.0/255.255.255.0 -d
> $REMOTENET -j ACCEPT
> #UNRESTRICTED ACCESS
> $IPCHAINS -A input -s 192.168.2.0/255.255.255.0 -d
> $REMOTENET -j ACCEPT
> #UNRESTRICTED ACCESS
> $IPCHAINS -A input -s 192.168.3.0/255.255.255.0 -d
> $REMOTENET -j ACCEPT
>
> Do I have to do or change anything else to make this work..?
> Thanks for all your help so far.
*********************************************
Want free email? Sign up at http://www.freeze.com !
****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe pmfirewall"
* in the message body to majordomo@pointman.org. Please direct other
* questions, comments, or problems to pmfirewall-owner@pointman.org.
*
* Need answers fast? Check the list archive located at:
* http://www.pointman.org/PMFirewall/list-archive/
*
This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:35:33 PDT