
[cobalt-users] IPChains/PMFirewall: Mult Subnets... Excellent but...



Thanks Gerald. You rule. The second option works just fine! I am so
jazzed... been trying to work it out myself for almost two weeks.

From /usr/local/pmfirewall/pmfirewall.conf
# Try commenting out the following lines
#OUTERMASK=`ifconfig $OUTERIF | grep Mas | cut -d : -f 4`
#OUTERNET=$OUTERIP/OUTERMASK
OUTERNET=$OUTERIP/23
or
OUTERNET=$OUTERIP/255.255.255.0 <--- This Worked Wonders
note the minor variation from your post, trivial

Actually tried what I thought was the correct change... and ended up locking
myself out of the box completely. Had to go to my colo (only 30 minutes) ...
but next time I am using a timed shell script. Couldn't get access to the
colo for a while so everything was down, frustrating but a great lesson.
Finally got back up and running and found the time to try my third option
(the one above) which worked great. Thanks again... and everyone else who
contributes to this list.

One little problem I just found... everything functions (as far as I can see
from my cursory inspection) except traceroute is not finding the host. As
soon as I ./pmfirewall stop it resolves. I thought I left my port 53?
accessible (dns, have to check) or is this ICMP, hmmm will research, but any
more right on the nose answers on that one? Weird, mail, websites and ftp
function normally now. I have PortSentry running but that shouldn't affect,
only report, correct? Thanks in advance for your help.

Best regards,
Troy Arnold
websetters, inc.
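
The "timed shell script" idea mentioned in the message above, as an added example that is not part of the original post: a dead-man switch that applies a firewall change and undoes it unless the admin confirms from a fresh login within the timeout. The function name, the confirmation-file path, the `start` argument and the choice of `pmfirewall stop` as the rollback are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dead-man switch for remote firewall changes.
# Usage: apply_with_rollback APPLY_CMD ROLLBACK_CMD TIMEOUT_SECS CONFIRM_FILE
# Returns 0 = change confirmed and kept, 1 = timed out and rolled back,
#         2 = apply command failed and rolled back, 64 = bad timeout.
apply_with_rollback() {
    apply_cmd=$1
    rollback_cmd=$2
    timeout=$3
    confirm=$4

    # Reject a non-numeric timeout before touching the firewall.
    case $timeout in
        ''|*[!0-9]*) return 64 ;;
    esac

    # Survive the SSH session dropping when the new rules cut us off.
    trap '' HUP

    # A stale confirmation file must not count as a confirmation.
    rm -f "$confirm"

    if ! sh -c "$apply_cmd"; then
        sh -c "$rollback_cmd"
        return 2
    fi

    # Poll once per second; the admin proves access still works by
    # opening a NEW session and creating the confirmation file.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    sh -c "$rollback_cmd"
    return 1
}

# Stand-alone use (assumed paths; keep CONFIRM_FILE in a root-only dir):
#   sh fwtest.sh "/usr/local/pmfirewall/pmfirewall start" \
#                "/usr/local/pmfirewall/pmfirewall stop" 120 /root/fw.ok
if [ "$#" -eq 4 ]; then
    apply_with_rollback "$@"
fi
```

Run it in the background with output redirected to a log file, then log in again from a second terminal and `touch` the confirmation file; if that login fails, the rollback fires on its own once the timeout expires.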