I dunno, I haven't used ipchains with a dialup connection.  If it works,
good.  :)

CIDR stands for Classless Inter-Domain Routing (or something like that).
192.168.2.0 with a netmask of 255.255.255.0 is the same as 192.168.2.0/24.
If you take the netmask and write it in binary, you get:
11111111 11111111 11111111 00000000

which is 24 bits, hence the /24.  255.255.0.0 is
"11111111 11111111 00000000 00000000" which is /16. And my DSL is
255.255.255.240 which is "11111111 11111111 11111111 11110000" which is /28.

Jay

> -----Original Message-----
> From: Shawn [mailto:fertch at mninter.net]
> Sent: Saturday, March 24, 2001 9:13 PM
> To: tclug-list at mn-linux.org
> Subject: Re: [TCLUG] IP Chains
> 
> 
> After doing some more digging, and reading a bit more, I found that if I put
> these two lines in:
> 
> ipchains -P forward DENY
> ipchains -A forward -i ppp0 -j MASQ
> 
> things work.  Though, now this leads me to think that if the above works with a
> dialing device, would the one you suggest below be for an ethernet device?  I
> admit to having not tried yours below Jay, but this is a thought for some more
> understanding on my end.
> 
> Also, I admit to being a bit naive on this.  But, what the heck is CIDR?
> 
> 
> "Austad, Jay" wrote:
> 
> > Try changing:
> > ipchains -A forward -j MASQ -s 10.0.0.0/99 -d 0.0.0.0/0
> > to
> > ipchains -A forward -j MASQ -s 10.0.0.0/8 -d 0.0.0.0/0
> >
> > Make sure your internal ip's on your network are 10.x.x.x addresses,
> > otherwise you need to modify the -s option.  ipchains shouldn't even take 99
> > as an option as you can only have a maximum of /32 there.  This is the
> > netmask in CIDR format.
> >
> > Jay
> 
>
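
The netmask-to-/N conversion explained at the top of this message, and the /32 limit from the earlier reply, as an added example that is not part of the original thread: it checks an address/mask pair before it goes into a rule's -s option. The function names (parse_quad, mask_to_prefix, prefix_to_mask, normalize_source) are made up for this illustration and the inputs are the addresses quoted in the thread.

```python
def parse_quad(text):
    """Parse a dotted quad into a 32-bit integer; ValueError if malformed."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def format_quad(value):
    """Format a 32-bit integer as a dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_prefix(mask):
    """Count the leading 1 bits of a netmask: 255.255.255.240 -> 28."""
    bits = f"{parse_quad(mask):032b}"
    ones = bits.rstrip("0")
    if "0" in ones:  # a 0 followed by a 1, e.g. 255.0.255.0, has no /N form
        raise ValueError(f"netmask bits are not contiguous: {mask!r}")
    return len(ones)

def prefix_to_mask(prefix):
    """Turn a prefix length into a dotted netmask: 28 -> 255.255.255.240."""
    if not 0 <= prefix <= 32:  # an IPv4 address has only 32 bits
        raise ValueError(f"prefix length must be 0-32, got {prefix}")
    return format_quad((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def normalize_source(spec):
    """Accept addr/prefix or addr/netmask and return network/prefix.

    Host bits are cleared so the result shows exactly which range matches.
    """
    addr, _, mask = spec.partition("/")
    if "." in mask:
        prefix = mask_to_prefix(mask)
    else:
        prefix = int(mask or "32")  # a bare address means a single host
    netmask = parse_quad(prefix_to_mask(prefix))
    return f"{format_quad(parse_quad(addr) & netmask)}/{prefix}"

if __name__ == "__main__":
    # Constructed inputs taken from the addresses mentioned in the thread.
    for spec in ("192.168.2.0/255.255.255.0", "10.0.0.0/8", "10.0.0.0/99"):
        try:
            print(spec, "->", normalize_source(spec))
        except ValueError as err:
            print(spec, "-> rejected:", err)
```
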