i have your typical broadband connection and a trusty sparc5 debian machine that i use for a firewall / nat for my home network. i cannot get a newer iptables capable kernel to run on the little guy and thus i am working with ipchains. i am having problems figuring out how to:

* nat/masquerade internal network
* allow incoming ssh traffic to my network from outside
* allow all outgoing traffic from my network
* allow all incoming traffic to my network that is 'established'
* deny & log everything else

i have been toying with lots of scripts of this nature ...

    ipchains -F
    ipchains -P input ACCEPT
    ipchains -P forward DENY
    ipchains -P output ACCEPT
    ipchains -A input -p udp -i eth1 --dport 22 -j ACCEPT
    ipchains -A input -p tcp -i eth1 --dport 22 -j ACCEPT
    ipchains -A forward -i eth1 -j MASQ
    ipchains -A input -i eth1 -j DENY

... most of which basically make the machine dead in the water as far as forwarding packets since they lack the 'established' like commands here:

    iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED --j ACCEPT
    iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset

can anyone show me the light here? i have truly tried to investigate this i believe everywhere i could.
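
ipchains has no connection tracking, so the final `-A input -i eth1 -j DENY` in the posted script also drops reply packets. The following is an added example, not part of the original post: a stateless ruleset for the five goals listed, using `! -y` (TCP packets that are not a connection-opening SYN) as the nearest stand-in for ESTABLISHED. eth1 as the outside interface follows the post; the 192.168.1.0/24 LAN range and the `fw_rules` function name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Stateless ipchains (Linux 2.2) ruleset.
# Assumptions: eth1 is the outside interface (as in the post's rules);
# INT_NET is a placeholder for the internal LAN.
EXT_IF=eth1
INT_NET=192.168.1.0/24

# Print the ruleset; review it, then apply as root with: fw_rules | sh
fw_rules() {
cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -F
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
# Loopback and the internal side are trusted.
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i ! $EXT_IF -s $INT_NET -j ACCEPT
# Anti-spoofing: internal source addresses must never arrive from outside.
ipchains -A input -i $EXT_IF -s $INT_NET -l -j DENY
# New inbound connections: ssh only (ssh is TCP, no UDP rule needed).
ipchains -A input -i $EXT_IF -p tcp --dport 22 -j ACCEPT
# Closest stateless stand-in for ESTABLISHED: any TCP packet that is not a
# connection-opening SYN. Forged ACK/FIN/RST packets also match this rule.
ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT
# UDP replies to masqueraded flows arrive on the 2.2 masquerade port range.
ipchains -A input -i $EXT_IF -p udp --dport 61000:65095 -j ACCEPT
# ICMP errors needed for path MTU discovery and unreachable reporting.
ipchains -A input -i $EXT_IF -p icmp --icmp-type destination-unreachable -j ACCEPT
ipchains -A input -i $EXT_IF -p icmp --icmp-type time-exceeded -j ACCEPT
# Everything else from outside: deny and log (-l writes to the kernel log).
ipchains -A input -i $EXT_IF -l -j DENY
# In the forward chain -i names the outgoing interface.
ipchains -A forward -i $EXT_IF -s $INT_NET -j MASQ
ipchains -A forward -l -j DENY
EOF
}
```

UDP sent by the firewall host itself (for example its own DNS lookups) is not covered and needs an extra input rule naming the resolver.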