I dunno, I haven't used ipchains with a dialup connection. If it works, good. :)

CIDR stands for Classless Inter-domain routing (or something like that). 192.168.2.0 with a netmask of 255.255.255.0 is the same as 192.168.2.0/24. If you take the netmask and write it in binary, you get:

11111111 11111111 11111111 00000000

which is 24 bits, hence the /24.

255.255.0.0 is "11111111 11111111 00000000 00000000" which is /16.

And my DSL is 255.255.255.240 which is "11111111 11111111 11111111 11110000" which is /28.

Jay

> -----Original Message-----
> From: Shawn [mailto:fertch at mninter.net]
> Sent: Saturday, March 24, 2001 9:13 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] IP Chains
>
> After doing some more digging, and reading a bit more, I found that if I put
> these two lines in:
>
> ipchains -P forward DENY
> ipchains -A forward -i ppp0 -j MASQ
>
> things work. Though, now this leads me to think that if the above works with a
> dialing device, would the one you suggest below be for an ethernet device? I
> admit to having not tried yours below Jay, but this is a thought for some more
> understanding on my end.
>
> Also, I admit to being a bit naive on this. But, what the heck is CIDR?
>
> "Austad, Jay" wrote:
>
> > Try changing:
> > ipchains -A forward -j MASQ -s 10.0.0.0/99 -d 0.0.0.0/0
> > to
> > ipchains -A forward -j MASQ -s 10.0.0.0/8 -d 0.0.0.0/0
> >
> > Make sure your internal ip's on your network are 10.x.x.x addresses,
> > otherwise you need to modify the -s option. ipchains shouldn't even take 99
> > as an option as you can only have a maximum of /32 there. This is the
> > netmask in CIDR format.
> >
> > Jay
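
The netmask-to-prefix counting described in the thread, as an added example that is not part of the original messages: it converts a dotted netmask to its /N form and rejects a source argument such as 10.0.0.0/99 before it reaches a firewall rule. The function names `quad_ok`, `mask_to_prefix` and `valid_cidr` are made up for this illustration.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from ipchains.

# quad_ok A.B.C.D: succeed only for four decimal octets in 0..255.
quad_ok() {
    case $1 in *[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    local IFS=. o
    set -- $1                                   # split on dots
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty, over-long, or leading-zero (octal-looking) octets.
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# mask_to_prefix 255.255.255.240 prints 28; fails on a non-contiguous mask.
mask_to_prefix() {
    quad_ok "$1" || return 1
    local IFS=. o b bits=0 zero=0
    set -- $1
    for o in "$@"; do
        for b in 128 64 32 16 8 4 2 1; do       # most significant bit first
            if [ $(( o & b )) -ne 0 ]; then
                [ "$zero" -eq 0 ] || return 1   # a 1 after a 0: not a netmask
                bits=$(( bits + 1 ))
            else
                zero=1
            fi
        done
    done
    echo "$bits"
}

# valid_cidr ADDR/PREFIX: succeed only if ADDR is a dotted quad and 0 <= PREFIX <= 32.
valid_cidr() {
    local addr="${1%/*}" prefix="${1##*/}"
    [ "$addr/$prefix" = "$1" ] || return 1      # a "/" must be present
    quad_ok "$addr" || return 1
    case $prefix in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ]
}

# The masks and rule arguments mentioned in the thread.
for m in 255.255.255.0 255.255.0.0 255.255.255.240; do
    echo "$m = /$(mask_to_prefix "$m")"
done
for c in 10.0.0.0/8 10.0.0.0/99; do
    if valid_cidr "$c"; then echo "$c ok"; else echo "$c rejected"; fi
done
```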