[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    in what interface should i put pass in and pass out?
From:       "T X" <me_aa () hotmail ! com>
Date:       2007-03-24 10:47:05
Message-ID: BAY104-F18F9F8D92CA806004257AB98690 () phx ! gbl
[Download RAW message or body]

Hey all,

   I have read the basic docs and faq for the ip filter but i wasn't able to 
figure out an answer for the following two.. Anyone to help me?

1) does a "block all" cover me from block in all and block out all? is in 
and out mandatory or optional using the ipfilter?

2) i am trying to use ipfilter in a linux machine with two interfaces. lets 
say that eth1 is going to the Internet and eth0 to my local lan. I am 
thinking to put some rules on my eth1 with the pass in command so that i can 
block/allow requests from clients to my server inside the lan. where should 
i put the rules for server's reply to the clients? Would it be better to use 
a pass in rule to my eth0 interface or a pass out rule to my eth1 interface 
and why?

a little sketch would be like this


server----------eth0[ipfilter]eth1--------[router]-----internet..

Many many thanks!
Tim

ps. when i pass in a packet from the eth1 should i explicitly pass it out on 
the eth0 so that it will be forwarded to my lan? this qestions also applies 
the other way arount...

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.com/

[prev in list] [next in list] [prev in thread] [next in thread]